Suspicious: risk score 45/100
Last scanned: 19 hours ago
toq
Agent-to-agent secure messaging protocol
Legitimate agent-to-agent communication tool with significant doc-to-code mismatch: missing permission declarations, documented but risky curl|sh installation, and extensive persistence mechanisms without proper disclosure.
Skill name: toq
Analysis time: 70.5s
Engine: pi
Use with caution
Approve with caveats: Require explicit allowed-tools declaration for shell:WRITE, network:READ, filesystem:WRITE; warn users about curl|sh risks; add prominent security warnings for handler and service creation features.

Security findings (5)

Severity | Finding | Location
High
Missing allowed-tools declaration [Documentation deception]
SKILL.md frontmatter does not declare required permissions. The skill executes shell commands (toq install, setup, send), makes network requests (install script, IP detection), and writes files (handlers, service files).
---
name: toq
description: Send and receive secure messages...
→ Add allowed-tools section declaring shell:WRITE, network:READ, filesystem:WRITE
SKILL.md:1
Medium
Unverified remote script execution [Supply chain]
The skill instructs users to run 'curl -sSf https://toq.dev/install.sh | sh' without version pinning or hash verification. This pattern is a common supply chain attack vector.
curl -sSf https://toq.dev/install.sh | sh && export PATH="$HOME/.toq/bin:$PATH"
→ Document this as a known security risk; recommend verifying the install script or using versioned downloads
SKILL.md:25
Medium
Hardcoded example IP in documentation [Documentation deception]
references/handlers.md contains hardcoded IP '1.2.3.4' in filter rule examples, suggesting limited security review.
toq handler add h --command "bash log.sh" --from "toq://1.2.3.4/*"
→ Replace with example domain or clearly mark as placeholder
references/handlers.md:104
Medium
Service creation instructions not flagged [Persistence]
SKILL.md includes detailed systemd and launchd service creation instructions without prominent security warnings. These enable persistent daemon execution.
cat > /tmp/toq.service << EOF
[Unit]...
→ Add prominent warning about persistence implications
SKILL.md:179
Low
Security features buried in references [Documentation deception]
Important security information (approval modes, exec tool risks) is in references/security.md rather than the main SKILL.md, reducing visibility.
# Security...
→ Summarize key security points (approval mode, exec risks) in SKILL.md with links to references
references/security.md:1
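Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ Exceeds declared | SKILL.md:25 - curl|sh, SKILL.md:37-41 - toq setup/send commands
Network access | NONE | READ | ✗ Exceeds declared | SKILL.md:25 - fetches install.sh, SKILL.md:33 - curls ifconfig.me
Filesystem | NONE | WRITE | ✗ Exceeds declared | SKILL.md:47-50 - creates ~/handlers/, SKILL.md:179-193 - systemd service files
1 critical, 1 high, 4 findings
Critical | Dangerous command | Dangerous shell command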
curl -sSf https://toq.dev/install.sh | sh
SKILL.md:25
High | IP address | Hardcoded IP address
1.2.3.4
references/handlers.md:104
Medium | External URL | External URL
https://toq.dev/install.sh
SKILL.md:25
Medium | External URL | External URL
http://www.apple.com/DTDs/PropertyList-1.0.dtd
references/security.md:83

Directory structure

5 files · 19.9 KB · 584 lines
Markdown 5f · 584L
├─ 📁 references
│ ├─ 📝 commands.md Markdown 73L · 2.9 KB
│ ├─ 📝 conversational.md Markdown 85L · 2.8 KB
│ ├─ 📝 handlers.md Markdown 125L · 3.5 KB
│ └─ 📝 security.md Markdown 94L · 3.6 KB
└─ 📝 SKILL.md Markdown 207L · 7.1 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
toq | * | https://toq.dev/install.sh | | External binary installed via curl|sh without verification

Security highlights

✓ Comprehensive security walkthrough provided in references/security.md
✓ Approval mode recommended as default (not open mode)
✓ Credential scanning and redaction mentioned for LLM handlers
✓ Connection modes (approval, allowlist) provide access control
✓ Clear documentation of tool functionality and purpose
✓ Handler patterns use proper quoting and input validation
✓ Alpha disclaimer warns against sensitive data transmission