Low Risk — Risk Score 20/100
Last scan: 1 day ago
skill-dep-fixer
Scan installed OpenClaw skills, detect missing dependencies (npm, pip, brew, system binaries), and auto-fix what's fixable.
A legitimate dependency management tool for OpenClaw skills, but with significant doc-to-code mismatch: the --fix shell execution and --init/--manifest hidden flags are entirely undeclared in SKILL.md.
Skill Name: skill-dep-fixer
Duration: 52.7s
Engine: pi
Safe to install
Declare all CLI flags (--fix, --init, --name, --description, --manifest) and the shell:WRITE capability in SKILL.md. Version-pin npm dependencies (chalk, js-yaml). Audit the --manifest path for supply-chain risks before merging.

Findings 5 items

Severity Finding Location
Medium
Undeclared --fix flag triggers shell:WRITE execution (Doc Mismatch)
SKILL.md describes the tool as a dependency checker with 'auto-fix' capability but never documents the --fix CLI flag. When --fix is provided, the tool executes 'brew install', 'npm install -g', and 'pip install' commands via exec() — a direct shell:WRITE capability that should be declared. Users have no documentation to understand the destructive nature of this flag.
function installCommand(entry) {
  if (entry.kind === 'brew' && entry.formula) return `brew install ${entry.formula}`;
  if (entry.kind === 'npm' && entry.id) return `npm install -g ${entry.id}`;
  if (entry.kind === 'pip' && entry.id) return `pip3 install ${entry.id}`;
}
→ Document --fix under a distinct 'Installation mode' section in SKILL.md with explicit warnings about system-wide package installations.
Location: skill-dep-fixer.js:144
Medium
Undeclared --init flag performs filesystem:WRITE to ~/.openclaw (Doc Mismatch)
The --init flag creates new SKILL.md files at ~/.openclaw/workspace/skills/<name>/SKILL.md using fs.mkdir and fs.writeFile. This is a filesystem:WRITE operation that enables skill creation/persistence. It is entirely absent from SKILL.md documentation.
async function initSkill(skillName, values) {
  const skillDir = path.join(os.homedir(), '.openclaw', 'workspace', 'skills');
  await fs.mkdir(skillDir, { recursive: true });
  await fs.writeFile(skillFile, buildSkillTemplate(...), 'utf8');
}
→ Document --init and its --name/--description sub-flags in SKILL.md, or remove the functionality if not intended for end users.
Location: skill-dep-fixer.js:119
Medium
Undeclared --manifest flag introduces alternative code path (Doc Mismatch)
src/skill-dep-fixer.js exposes a --manifest flag that calls parsers.parseManifest() when present. This alternative entry point is not documented anywhere and allows bypassing the normal skill directory scanning with an arbitrary manifest input. The purpose and safety of this path are unclear.
manifest: (() => { const i = argv.findIndex((a) => a === '--manifest'); return i >= 0 ? argv[i + 1] : undefined; })(),
→ Document --manifest or remove it from the public entry point. If intended for automation, document the expected manifest schema.
Location: src/skill-dep-fixer.js:25
Low
npm dependencies not version-pinned (Supply Chain)
package.json specifies chalk ^4.1.2 and js-yaml ^4.1.1 using caret ranges, allowing potentially broad updates. This could allow a compromised upstream package to be silently installed.
"chalk": "^4.1.2",
"js-yaml": "^4.1.1"
→ Pin exact versions: chalk@4.1.2 and js-yaml@4.1.1 to prevent supply-chain drift.
Location: package.json:19
Low
Reads environment variables via os.homedir() for npm prefix resolution (Sensitive Access)
src/installer.js calls os.homedir() to determine whether npm's global prefix is in the user's home directory, to decide whether to fall back to --location=user. This accesses user environment information but only uses it for a legitimate installation path decision.
const home = os.homedir();
let prefix = run('npm config get prefix').trim();
→ No action needed; behavior is benign and standard for npm installation handling.
Location: src/installer.js:46
Resource      Declared   Inferred   Status        Evidence
Filesystem    NONE       WRITE      ✗ Violation   skill-dep-fixer.js:119 - initSkill writes to ~/.openclaw/workspace/skills/
Shell         NONE       WRITE      ✗ Violation   skill-dep-fixer.js:144 - installCommand() returns brew/npm/pip install commands …
Environment   NONE       READ       ✗ Violation   src/installer.js:6 - os.homedir() used for npm prefix resolution
Network       NONE       READ       ✓ Aligned     src/installer.js - npm install -g / brew install / pip install trigger outbound …

File Tree

8 files · 27.4 KB · 977 lines
JavaScript: 6 files · 857 lines; Markdown: 1 file · 96 lines; JSON: 1 file · 24 lines
├─ 📁 src
│ ├─ 📜 checkers.js JavaScript 75L · 2.2 KB
│ ├─ 📜 installer.js JavaScript 126L · 3.6 KB
│ ├─ 📜 parsers.js JavaScript 86L · 2.2 KB
│ ├─ 📜 reporter.js JavaScript 110L · 3.6 KB
│ └─ 📜 skill-dep-fixer.js JavaScript 146L · 3.9 KB
├─ 📋 package.json JSON 24L · 511 B
├─ 📜 skill-dep-fixer.js JavaScript 314L · 8.8 KB
└─ 📝 SKILL.md Markdown 96L · 2.6 KB

Dependencies 2 items

Package    Version   Source   Known Vulns   Notes
chalk      ^4.1.2    npm      No            Caret range — not pinned to exact version
js-yaml    ^4.1.1    npm      No            Caret range — not pinned to exact version

Security Positives

✓ Uses shellQuote() with proper single-quote escaping in installer.js, mitigating command injection
✓ No base64-encoded strings, eval(), or dynamic code generation found
✓ No credential harvesting, environment variable enumeration, or sensitive path access (no ~/.ssh, ~/.aws, .env reads)
✓ No curl|bash or wget|sh remote script execution patterns
✓ No network exfiltration or C2 communication
✓ Dependencies (chalk, js-yaml) are well-known, reputable npm packages
✓ The core functionality (checking and fixing skill dependencies) is accurately described, even if --fix is undocumented
✓ src/installer.js has proper error handling for network failures and EACCES permission errors with graceful fallbacks