Trusted: risk score 5/100
Last scan: 1 day ago
reg-browser-bot
Browser automation toolkit for multi-account management, data collection, automated operations, and captcha recognition on e-commerce and social platforms
This is a legitimate browser automation toolkit for account management, data collection, and automated operations on e-commerce/social platforms. The codebase has sound security design with Fernet encryption for passwords, cookie domain validation, no dangerous deserialization, and no credential theft or exfiltration behavior.
Skill name: reg-browser-bot
Analysis time: 76.1s
Engine: pi
Verdict: safe to install
This skill is safe to use; no malicious behaviour was detected. The only minor concern is the auto-installation of the cryptography package as a fallback in security.py. That is defensible for a dependency that directly enables the skill's core encryption feature, but a declared, version-bounded dependency is the better fix.

Security findings: 2

Low: Fallback auto-installation of the cryptography package (category: supply chain)
security.py:28-30 runs 'pip3 install cryptography' automatically when the cryptography package cannot be imported. This keeps the skill's core encryption feature working, but the install happens at import time with no version bound, so it pulls whatever version the host's configured package index serves, and the --break-system-packages flag overrides pip's refusal (PEP 668) to modify a distro-managed Python environment. In a constrained or air-gapped environment the result is either an unexpected version or a hard failure deep inside an import.
except ImportError:
    import subprocess
    subprocess.check_call(['pip3', 'install', 'cryptography', '--break-system-packages'])
→ Declare cryptography as a required dependency with a version bound (e.g. cryptography>=3.4) in requirements.txt and in SKILL.md, and let the import fail with a clear error rather than installing at runtime.
Location: security.py:28
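The recommendation above, written out as an added example (not the project's security.py): an import-time guard that fails with an actionable message instead of shelling out to pip. The minimum version (3.4) mirrors the recommendation; the injectable `importer` parameter and the `MissingDependency` exception are assumptions introduced here so the guard can be exercised without the real package installed.

```python
"""Import-time dependency guard that fails loudly instead of auto-installing.

Added example, not the project's code. Assumes a minimum version of
cryptography>=3.4 (from the recommendation above) and an injectable importer
so the check can be tested without the real package.
"""
import importlib
import re
from typing import Callable, Tuple

MIN_CRYPTOGRAPHY = (3, 4)  # assumed floor, mirrors the >=3.4 in the recommendation


class MissingDependency(RuntimeError):
    """Raised with install guidance when a required package is absent or too old."""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '41.0.7' or '3.4.8.post1' into a comparable tuple of leading integers."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:  # stop at the first non-numeric segment (e.g. 'post1')
            break
        parts.append(int(match.group()))
    return tuple(parts)


def require_cryptography(
    min_version: Tuple[int, ...] = MIN_CRYPTOGRAPHY,
    importer: Callable[[str], object] = importlib.import_module,
):
    """Return the cryptography module, or raise MissingDependency with install guidance.

    Contrast with the original fallback: no subprocess, no pip at import time,
    no --break-system-packages. The operator installs the declared dependency
    from the index they trust, at a version they chose.
    """
    wanted = ".".join(map(str, min_version))
    try:
        module = importer("cryptography")
    except ImportError as exc:
        raise MissingDependency(
            f"cryptography>={wanted} is required for password encryption; "
            f"install it with: pip install 'cryptography>={wanted}'"
        ) from exc
    found = parse_version(str(getattr(module, "__version__", "0")))
    if found < tuple(min_version):
        raise MissingDependency(
            f"cryptography {'.'.join(map(str, found))} is installed "
            f"but >= {wanted} is required"
        )
    return module


if __name__ == "__main__":
    # Stand-alone run: succeeds silently if cryptography>=3.4 is installed,
    # otherwise prints the install guidance and exits non-zero.
    try:
        require_cryptography()
    except MissingDependency as err:
        raise SystemExit(f"error: {err}")
```

Call `require_cryptography()` once at module load in place of the try/except that spawns pip; the same floor belongs in requirements.txt so the two cannot drift apart.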
Low: Pre-scan misidentified Chrome version numbers as IP addresses (category: documentation deception, resolved as a false positive)
The pre-scan flagged browser_config.py lines 43-46 and 63 as hardcoded IP addresses (120.0.0.0, 119.0.0.0, etc.). Each is syntactically a valid dotted quad, which is why a regex pre-scan matches it, but in context they are Chrome and Opera version numbers embedded in User-Agent strings (e.g. 'Chrome/120.0.0.0', 'OPR/106.0.0.0'). No real IP addresses and no C2 infrastructure were found.
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
→ No action needed. Pre-scan false positive: the values are standard browser UA version strings.
Location: browser_config.py:43
Resource type | Declared | Inferred | Status | Evidence
File system | READ+WRITE | READ+WRITE | consistent | account.py writes JSON to ~/.openclaw/accounts/, explicitly declared in SKILL.md…
Network access | READ | READ | consistent | collector.py navigates to taobao/jd/douyin, explicitly declared in SKILL.md over…
Command execution | NONE | NONE | | security.py:29 uses subprocess only to install cryptography package as a depende…
Environment variables | NONE | NONE | | security.py:37 reads REG_BROWSER_KEY env var for key override only — no iteratio…
Skill invocation | NONE | NONE | | No cross-skill invocation found
Clipboard | NONE | NONE | | Not used anywhere in codebase
Browser | READ+WRITE | READ+WRITE | consistent | Selenium/Playwright browser automation, declared in SKILL.md Phase D
Database | READ+WRITE | READ+WRITE | consistent | SQLite in ~/.config/reg-browser-bot/, declared in SKILL.md Phase B SQLite storag…

Two NONE/NONE rows still deserve a second look: the pip3 subprocess call in security.py is command execution at import time even though it is only used for the dependency fallback (covered by the low-severity finding above), and the REG_BROWSER_KEY read is a single targeted lookup rather than an os.environ sweep, which is why the scanner does not count it as environment access.
Pre-scan (regex) hits: 19 findings, 5 high

Severity | Type | Value | Location
High | Hardcoded IP address | 120.0.0.0 | browser_config.py:43
High | Hardcoded IP address | 119.0.0.0 | browser_config.py:44
High | Hardcoded IP address | 118.0.0.0 | browser_config.py:45
High | Hardcoded IP address | 121.0.0.0 | browser_config.py:46
High | Hardcoded IP address | 106.0.0.0 | browser_config.py:63
Medium | External URL | http://127.0.0.1:7890 | SKILL.md:251
Medium | External URL | https://www.baidu.com | SKILL.md:500
Medium | External URL | https://s.taobao.com/search?q= | collector.py:234
Medium | External URL | https://search.jd.com/Search?keyword= | collector.py:284
Medium | External URL | https://www.douyin.com/search/ | collector.py:328
Medium | External URL | https://item.jd.com/123.html | collector.py:400
Medium | External URL | https://www.example.com/login | pipeline.py:397
Medium | External URL | https://www.douyin.com | poster.py:108
Medium | External URL | https://creator.douyin.com/create-micro-site | poster.py:114
Medium | External URL | https://creator.xiaohongshun.com/publish/publish | poster.py:145
Medium | External URL | https://weibo.com | poster.py:184
Medium | External URL | https://weibo.com/compose | poster.py:190
Medium | External URL | https://www.douyin.com/creator/dm | poster.py:226
Info | Email address | [email protected] | account.py:660

Reading the raw hits against the analysis above:
- The five high-severity IP hits are the Chrome/Opera version numbers inside User-Agent strings covered by the second finding; the analysis downgraded them to a false positive.
- http://127.0.0.1:7890 is a loopback address, so it is a local proxy setting rather than an external endpoint; the toolkit ships a proxy.py.
- www.example.com is the IANA-reserved documentation domain, so pipeline.py:397 is a placeholder rather than a live endpoint.
- The remaining URLs are the Taobao, JD, Douyin, Weibo and Xiaohongshu search and publishing pages that the declared network-access permission covers. The hostname creator.xiaohongshun.com as printed differs from the platform's creator domain, creator.xiaohongshu.com; confirm it is a typo in poster.py rather than a lookalike domain before relying on that publishing path.
- The email value shown is the placeholder left by the page's email obfuscation, so the actual address is not recoverable from this page.

Directory structure

21 files · 286.4 KB · 9,107 lines
Python: 19 files, 8,223 lines · Markdown: 1 file, 857 lines · JSON: 1 file, 27 lines
├─ 🐍 __init__.py Python 113L · 2.5 KB
├─ 📋 _meta.json JSON 27L · 1.1 KB
├─ 🐍 account.py Python 846L · 27.8 KB
├─ 🐍 browser_config.py Python 750L · 25.5 KB
├─ 🐍 browser_manager.py Python 247L · 8.4 KB
├─ 🐍 browser_playwright.py Python 641L · 18.3 KB
├─ 🐍 browser.py Python 514L · 16.1 KB
├─ 🐍 captcha.py Python 899L · 30.1 KB
├─ 🐍 collector.py Python 470L · 14.4 KB
├─ 🐍 exceptions.py Python 57L · 1.1 KB
├─ 🐍 migrate_json_to_sqlite.py Python 330L · 10.7 KB
├─ 🔑 migrate_passwords.py Python 197L · 6.3 KB
├─ 🐍 models.py Python 505L · 16.9 KB
├─ 🐍 pipeline.py Python 628L · 18.8 KB
├─ 🐍 poster.py Python 456L · 14.9 KB
├─ 🐍 proxy.py Python 316L · 9.5 KB
├─ 🐍 security.py Python 200L · 6.2 KB
├─ 📝 SKILL.md Markdown 857L · 22.9 KB
├─ 🐍 task_scheduler.py Python 501L · 15.9 KB
├─ 🐍 tool.py Python 440L · 15.9 KB
└─ 🐍 utils.py Python 113L · 3.2 KB

Dependency analysis: 8 packages

Package | Version | Source | Known vulnerabilities | Notes
selenium | >=4.0.0 | pip | none reported | Standard browser automation framework
cryptography | latest (auto-install fallback) | pip | none reported | Auto-installed at import time as a fallback; should be declared as a hard dependency with a version bound
ddddocr | >=1.6.0 | pip | none reported | Pure Python OCR, Phase A upgrade
playwright | >=1.40.0 | pip | none reported | Phase D browser engine, dual-engine with Selenium
opencv-python | >=4.0.0 | pip | none reported | Used for slider captcha template matching
apscheduler | * | pip | none reported | Version not pinned
schedule | * | pip | none reported | Version not pinned
undetected-chromedriver | >=3.0.0 | pip | none reported | Optional anti-detection wrapper

Security highlights

✓ Fernet (AES-128-CBC with HMAC-SHA256 authentication) encryption with PBKDF2 key derivation for all stored passwords (security.py)
✓ Cookie domain validation prevents cross-domain cookie injection — account.py:163-172
✓ No use of pickle, eval(), exec(), or other dangerous deserialization/code execution patterns
✓ No credential harvesting: does not read ~/.ssh, ~/.aws, .env, or iterate os.environ for secrets
✓ No data exfiltration: all collected data stored locally in ~/.openclaw/ and ~/.config/reg-browser-bot/
✓ No obfuscation: no base64-encoded execution, HTML comment hidden instructions, or anti-analysis tricks
✓ No remote script execution (curl|bash / wget|sh); all dependencies are declared except cryptography, which is auto-installed at import time as a fallback (see the low-severity finding above)
✓ Playwright and Selenium are well-established browser automation frameworks with no known malicious history
✓ No persistence mechanisms: no cron jobs, startup scripts, or backdoor installation
✓ SKILL.md accurately documents all capabilities, file paths, dependencies, and architecture phases
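The key-handling scheme the highlights describe (PBKDF2-derived Fernet key, REG_BROWSER_KEY environment override), as an added example that is not security.py's code: the only names taken from the page are Fernet, PBKDF2 and the REG_BROWSER_KEY variable; the function names, the iteration count, the passphrase-plus-salt input and the sample salt are assumptions made here. The point worth seeing in code is that a Fernet key is exactly 32 bytes in urlsafe base64 (44 characters), so both the derived key and any operator-supplied override have to be produced or validated in that form, and that the salt must be random per installation rather than a constant, or two installs with the same passphrase derive the same key.

```python
"""Derive or load a Fernet key: PBKDF2-HMAC-SHA256 with an environment override.

Added example, not the project's security.py. Assumptions: the env var name
REG_BROWSER_KEY (from the permissions table), a caller-supplied passphrase,
and a per-install random salt. The salt used in the demo below is constructed;
in practice generate it once with os.urandom(16) and store it beside the data.
Fernet is AES-128-CBC plus HMAC-SHA256, keyed by 32 bytes in urlsafe base64.
"""
import base64
import binascii
import hashlib
import os
from typing import Mapping, Optional

ENV_KEY_NAME = "REG_BROWSER_KEY"
PBKDF2_ITERATIONS = 600_000  # OWASP Password Storage guidance for PBKDF2-HMAC-SHA256


def derive_fernet_key(passphrase: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch a passphrase into a Fernet-format key (32 bytes, urlsafe base64)."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)


def is_valid_fernet_key(key: bytes) -> bool:
    """True only if the value decodes to exactly 32 bytes, as Fernet requires."""
    try:
        return len(base64.urlsafe_b64decode(key)) == 32
    except (binascii.Error, ValueError):
        return False


def load_key(
    env: Mapping[str, str],
    passphrase: Optional[str],
    salt: bytes,
    iterations: int = PBKDF2_ITERATIONS,
) -> bytes:
    """Prefer an explicit REG_BROWSER_KEY override; otherwise derive from the passphrase.

    The override is validated rather than trusted: a malformed value would
    otherwise surface later as an opaque Fernet error at first decrypt.
    """
    override = env.get(ENV_KEY_NAME)
    if override:
        try:
            key = override.strip().encode("ascii")
        except UnicodeEncodeError:
            key = b""
        if not is_valid_fernet_key(key):
            raise ValueError(f"{ENV_KEY_NAME} is set but is not a 32-byte urlsafe-base64 Fernet key")
        return key
    if not passphrase:
        raise ValueError(f"no passphrase given and {ENV_KEY_NAME} is not set")
    return derive_fernet_key(passphrase, salt, iterations)


def roundtrip(key: bytes, secret: bytes) -> Optional[bytes]:
    """Encrypt and decrypt with Fernet if the library is importable; None if it is not."""
    try:
        from cryptography.fernet import Fernet
    except ImportError:
        return None
    f = Fernet(key)
    return f.decrypt(f.encrypt(secret))


if __name__ == "__main__":
    demo_salt = os.urandom(16)  # per-install salt; persist it next to the database
    key = load_key(os.environ, "correct horse battery staple", demo_salt)
    print(len(key), roundtrip(key, b"account-password"))
```

Two details a reviewer would check in the real security.py against this shape: whether the salt is random and stored, or a constant baked into the module, and whether an override from REG_BROWSER_KEY is validated before use.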
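The cookie domain validation credited to account.py:163-172 above, as an added example rather than the project's code: before stored cookies are injected into a Selenium or Playwright session, each cookie's domain is matched against the target host using RFC 6265 domain matching (exact host, or a parent domain on a real label boundary), which rejects lookalikes such as `ataobao.com` and `taobao.com.evil.com` as well as cookies belonging to another site outright. The dict shape, the `min_labels` floor and the sample cookies are assumptions made here; the caveat is that a label count is only a crude public-suffix floor, and multi-label suffixes such as com.cn (common for Chinese sites) need a real public-suffix list.

```python
"""Reject cookies whose domain does not belong to the site they are injected into.

Added example, not account.py. Assumes cookies in the Selenium/Playwright dict
shape ({'name', 'value', 'domain', ...}) and a target URL. Matching follows
RFC 6265 domain matching; min_labels is a crude floor against TLD-wide cookies
and is no substitute for a public-suffix list (e.g. 'com.cn' has two labels).
"""
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

Cookie = Dict[str, str]


def domain_matches(cookie_domain: str, host: str) -> bool:
    """RFC 6265 domain-match: host equals the domain or is a subdomain on a label boundary."""
    cd = cookie_domain.lower().strip().lstrip(".")  # leading dot is legacy syntax
    h = host.lower().strip().rstrip(".")
    if not cd or not h:
        return False
    if h == cd:
        return True
    return h.endswith("." + cd)  # the dot stops 'ataobao.com' from matching 'taobao.com'


def filter_cookies(
    cookies: List[Cookie], target_url: str, min_labels: int = 2
) -> Tuple[List[Cookie], List[Tuple[str, str]]]:
    """Split cookies into those safe to inject for target_url and (name, reason) rejects."""
    host = urlsplit(target_url).hostname or ""
    kept: List[Cookie] = []
    rejected: List[Tuple[str, str]] = []
    for cookie in cookies:
        # A host-only cookie carries no domain and defaults to the target host.
        domain = cookie.get("domain") or host
        if domain.lstrip(".").count(".") + 1 < min_labels:
            rejected.append((cookie.get("name", "?"), "domain too broad"))
            continue
        if not domain_matches(domain, host):
            rejected.append((cookie.get("name", "?"), "domain mismatch"))
            continue
        kept.append(cookie)
    return kept, rejected


# Constructed sample: a stored cookie jar with two legitimate entries and four bad ones.
SAMPLE_COOKIES: List[Cookie] = [
    {"name": "_tb_token_", "value": "x", "domain": ".taobao.com"},
    {"name": "sid", "value": "y", "domain": "s.taobao.com"},
    {"name": "evil", "value": "z", "domain": "evil.com"},
    {"name": "suffix_trick", "value": "z", "domain": "ataobao.com"},
    {"name": "sub_trick", "value": "z", "domain": "taobao.com.evil.com"},
    {"name": "tld", "value": "z", "domain": ".com"},
    {"name": "hostonly", "value": "z"},
]


if __name__ == "__main__":
    kept, rejected = filter_cookies(SAMPLE_COOKIES, "https://s.taobao.com/search?q=shoes")
    print("inject:", [c["name"] for c in kept])
    print("reject:", rejected)
    # With Playwright the kept list would then go to context.add_cookies(kept);
    # with Selenium, to driver.add_cookie(c) for each c after navigating to the site.
```

Run the filter after the target URL is known and before any `add_cookie` call, so a tampered or mixed-up cookie store cannot smuggle one site's session into another's origin.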