Low risk: risk score 15/100
Last scan: 2 days ago
proactive-companion
An autonomous, self-improving buddy system for OpenClaw that schedules interest-based Telegram pings
A legitimate proactive companion skill that schedules Telegram pings via OpenClaw cron, with no malicious patterns found. Minor concern about invasive SOUL.md patching during install.
Skill name: proactive-companion
Analysis time: 43.3s
Engine: pi
Verdict: OK to install
Review the automatic SOUL.md modification during install. Ensure you are comfortable with the skill patching system files. Otherwise safe to use.

Security findings (3)

Severity | Finding | Location
Medium | Automatic SOUL.md Modification | install.sh:148
  The install.sh script automatically appends routing rules to /data/.openclaw/SOUL.md without explicit user consent beyond the install process.
  Evidence: cat >> "$SOUL_FILE" << 'SOULEOF' ...
  → Document this clearly during installation or provide a manual option.
Low | tools.profile = coding Modification | install.sh:105
  The install script attempts to change the OpenClaw tools profile to 'coding', which enables broader execution capabilities.
  Evidence: $OPENCLAW_BIN config set tools.profile coding
  → This is necessary for the skill to function but increases the attack surface.
Low | Broad subprocess Usage | proaktiv_check.py:175
  The code uses subprocess to call the openclaw CLI for session management, history retrieval, and trigger injection.
  Evidence: subprocess.Popen(["openclaw", "agent", ...])
  → While documented, subprocess usage is extensive. Ensure the openclaw CLI is trusted.
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✓ Consistent | proaktiv_check.py:175-183 uses subprocess.Popen for the openclaw agent command
File system | WRITE | WRITE | ✓ Consistent | SKILL.md declares filesystem:/data/.openclaw/skills/proaktiv/ - code operates wi…
Network access | NONE | NONE | | No direct network calls; all Telegram communication via openclaw CLI
Environment variables | READ | READ | ✓ Consistent | Reads OPENCLAW_TELEGRAM_NR from .env file
Database | NONE | NONE | | Uses JSON files for state storage within the skill directory
External URLs (2 findings)

Severity | Finding | URL | Location
Medium | External URL | https://clawhub.ai | .clawhub/origin.json:3
Medium | External URL | https://t.me/userinfobot | SKILL.md:160

Directory structure

16 files · 82.2 KB · 2085 lines
Python 4 files · 1229 lines, Markdown 4 files · 559 lines, Shell 1 file · 214 lines, JSON 6 files · 75 lines, Ignore 1 file · 8 lines
├─ 📁 .clawhub
│ └─ 📋 origin.json JSON 7L · 141 B
├─ 📁 templates
│ ├─ 📋 interest_graph.json JSON 14L · 308 B
│ └─ 📋 social_knowledge.json JSON 3L · 19 B
├─ 📋 _meta.json JSON 6L · 148 B
├─ 📄 .gitignore Ignore 8L · 98 B
├─ 🐍 feedback_update.py Python 256L · 10.5 KB
├─ 🔧 install.sh Shell 214L · 8.3 KB
├─ 🐍 interest_evolve.py Python 114L · 3.9 KB
├─ 🐍 proaktiv_check.py Python 806L · 31.3 KB
├─ 🐍 proaktiv_onboarding.py Python 53L · 2.1 KB
├─ 📝 README.md Markdown 154L · 5.7 KB
├─ 📋 skill.json JSON 42L · 1.1 KB
├─ 📝 SKILL.md Markdown 284L · 12.2 KB
├─ 📋 social_knowledge.json JSON 3L · 19 B
├─ 📝 SOCIAL.md Markdown 34L · 1.4 KB
└─ 📝 TOPIC_TEMPLATES.md Markdown 87L · 5.1 KB

Security highlights

✓ No credential harvesting or exfiltration detected
✓ No base64, eval, or obfuscated code found
✓ No access to ~/.ssh, ~/.aws, or other sensitive paths
✓ No direct IP network requests or C2 communication
✓ No curl|bash or wget|sh remote script execution
✓ All data operations confined to skill directory /data/.openclaw/skills/proaktiv/
✓ Comprehensive changelog showing active development and bug fixes
✓ Clean, commented code with no hidden functionality
✓ MIT license properly declared
✓ Social knowledge tracking is transparent about data collection