Suspicious — Risk Score 52/100
aagent-system
A multi-agent automation system for AI Agent skill sample collection, security scanning, threat intelligence collection, and research analysis
The skill exhibits significant doc-to-code mismatch, executes undeclared shell scripts from external paths, collects suspicious security-related keywords, and spawns far more processes than documented.
Skill Name: aagent-system
Duration: 75.9s
Engine: pi
Use with caution
Do not use. The skill executes external scripts (~/.aass-scripts/*) not included in the package, collects potentially malicious package names (stealer, keylogger, backdoor, etc.), and has undocumented process-spawning and config-self-modification capabilities. If used in a security research context, isolate in a sandboxed environment only.

Attack Chain 5 steps

Entry: User installs skill believing it is a legitimate multi-agent sample collection tool per SKILL.md
SKILL.md:1
Escalation: analyzer/scanner/researcher agents execute unverifiable external scripts from ~/aass-scripts/*
agents/analyzer/agent.cjs:8
Escalation: Evolver agent self-modifies config and spawns additional collector processes dynamically
agents/evolver/agent.cjs:188
Escalation: 19+ processes spawn beyond the 8 documented in SKILL.md, with undeclared network access to npm registries
bin/agent-manager.cjs:28
Impact: Suspicious package names (stealer, keylogger, trojan, backdoor) collected to data/samples.json with unclear handling
agents/collector/agent.cjs:23

Findings 7 items

Severity Finding Location
High: Undeclared External Script Execution [RCE]
Three agent stubs (analyzer, scanner, researcher) execute shell scripts from paths outside the package (~/.aass-scripts/*, ~/.aass-dataset/*). These scripts are not included in the skill package, making their behavior unverifiable. This is the most dangerous finding as it enables arbitrary code execution through external files.
exec('~/aass-scripts/3layer_scheduler.sh analyzer 2>&1'...)
→ Remove all exec() calls to external paths. Any functionality should be self-contained within the skill package.
agents/analyzer/agent.cjs:8, agents/scanner/agent.cjs:8, agents/researcher/agent.cjs:8:8
High: Major Architecture Mismatch [Doc Mismatch]
SKILL.md claims a 3-layer pipeline with ~8 total processes. The actual implementation contains 9 distinct agent types spawning 19+ processes across multiple collection strategies (collector, ultra-collector, hyper-collector, fast-scanner, evolver, designer, perf-monitor, orchestrator, scanner, analyzer, researcher). This is a fundamental misrepresentation.
SKILL.md: 'Collection layer (4 processes) → Analysis layer (2 processes) → Research layer (2 processes)' vs actual: 15 collectors + 5 ultra + hyper + fast + evolver + designer + perf + orchestrator
→ Update SKILL.md to accurately reflect all agent types, process counts, and collection strategies.
SKILL.md:1, bin/agent-manager.cjs:28-31:1
Medium: Undeclared Suspicious Keyword Targeting [Sensitive Access]
The collector agent targets packages with keywords 'stealer', 'keylogger', 'cryptominer', 'trojan', 'backdoor', 'rat', 'grabber', 'clipper', 'spyware', 'botnet', and 'exploit'. The collection purpose for these potentially malicious package names is not declared in SKILL.md, raising questions about whether this data is used for security research or other purposes.
'stealer', 'keylogger', 'miner', 'cryptominer', 'trojan', 'backdoor', 'rat'
→ Declare the purpose of collecting these package names. If for security research, add explicit documentation explaining how collected data is handled.
agents/collector/agent.cjs:23-26:23
Medium: Dynamic Process Spawning via Evolver [RCE]
The evolver agent can automatically modify its own config (agents/config.json) and spawn new collector processes with exec(), effectively enabling self-propagation. This capability is entirely absent from SKILL.md documentation.
exec(`AGENT_NAME=collector AGENT_INDEX=${Date.now()+i} node agents/collector/agent.cjs ...`)
→ Document self-modification and dynamic spawning. Consider restricting this to controlled environments only.
agents/evolver/agent.cjs:188-192:188
Medium: Undeclared Network Capabilities [Doc Mismatch]
SKILL.md makes no mention of network access, yet the code performs HTTPS requests to npm registry APIs (registry.npmjs.com, registry.npmmirror.com) to collect package metadata. The declared 'security scanning' feature is actually just keyword matching with no code analysis.
https.get to registry.npmjs.com for npm package collection
→ Declare network:READ permission and specify all external endpoints accessed.
agents/collector/agent.cjs:76, agents/ultra-collector/agent.cjs:89:76
Medium: Misleading Security Scanning Description [Doc Mismatch]
SKILL.md describes '安全扫描' (security scanning) as detecting malicious code, credential leaks, and C2 connections. In reality, scanner agents only perform keyword pattern matching on package names and descriptions — no code analysis, no credential detection, no C2 detection.
Only string matching against MALICIOUS_PATTERNS list; no actual security analysis performed
→ Correct documentation to accurately describe the actual scanning methodology (keyword matching) and its limitations.
SKILL.md:1, agents/fast-scanner/agent.cjs:1:1
Low: Environment Variable Access via Shell [Sensitive Access]
bin/agent-manager.cjs uses execSync('free | awk ...') and execSync('uptime | awk ...') to check system resources. While the intent appears benign (resource-aware scaling), the shell:WRITE access through execSync is undeclared.
execSync("free | grep Mem | awk '{print int($3/$2*100)}'")
→ Use Node.js native APIs (os.freemem(), os.totalmem()) instead of shell commands, or declare shell:READ access.
bin/agent-manager.cjs:35-40:35
Resource | Declared | Inferred | Status | Evidence
Network | NONE | READ | ✗ Violation | agents/collector/agent.cjs:76 https.get to registry.npmjs.com
Shell | NONE | WRITE | ✗ Violation | agents/analyzer/agent.cjs:8 exec() to ~/aass-scripts/*
Filesystem | NONE | WRITE | ✗ Violation | agents/evolver/agent.cjs:line exec() spawns new processes, fs.writeFileSync conf…
Environment | NONE | READ | ✗ Violation | bin/agent-manager.cjs:35 execSync free|awk Mem for resource check
Skill Invoke | NONE | WRITE | ✗ Violation | agents/evolver/agent.cjs:188 exec spawns collector agents dynamically
80 findings

File Tree

20 files · 356.5 KB · 16576 lines
JSON 5f · 14889L JavaScript 12f · 1442L Markdown 3f · 245L
├─ 📁 agents
│ ├─ 📁 analyzer
│ │ └─ 📜 agent.cjs JavaScript 21L · 560 B
│ ├─ 📁 collector
│ │ └─ 📜 agent.cjs JavaScript 167L · 5.1 KB
│ ├─ 📁 designer
│ │ └─ 📜 agent.cjs JavaScript 207L · 7.4 KB
│ ├─ 📁 evolver
│ │ └─ 📜 agent.cjs JavaScript 250L · 7.1 KB
│ ├─ 📁 fast-scanner
│ │ └─ 📜 agent.cjs JavaScript 118L · 3.1 KB
│ ├─ 📁 hyper-collector
│ │ └─ 📜 agent.cjs JavaScript 115L · 3.3 KB
│ ├─ 📁 orchestrator
│ │ └─ 📜 agent.cjs JavaScript 143L · 3.9 KB
│ ├─ 📁 perf-monitor
│ │ └─ 📜 agent.cjs JavaScript 116L · 2.8 KB
│ ├─ 📁 researcher
│ │ └─ 📜 agent.cjs JavaScript 21L · 552 B
│ ├─ 📁 scanner
│ │ └─ 📜 agent.cjs JavaScript 22L · 626 B
│ ├─ 📁 ultra-collector
│ │ └─ 📜 agent.cjs JavaScript 154L · 4.3 KB
│ └─ 🔑 config.json JSON 8777L · 137.2 KB
├─ 📁 bin
│ └─ 📜 agent-manager.cjs JavaScript 108L · 4.5 KB
├─ 📁 data
│ ├─ 📋 design.json JSON 74L · 1.6 KB
│ ├─ 📋 orchestrator-stats.json JSON 50L · 896 B
│ ├─ 📋 perf-stats.json JSON 19L · 360 B
│ └─ 📋 samples.json JSON 5969L · 165.3 KB
├─ 📝 ARCHITECTURE.md Markdown 155L · 6.2 KB
├─ 📝 SKILL.md Markdown 60L · 1.2 KB
└─ 📝 TARGET.md Markdown 30L · 506 B

Security Positives

✓ No credential harvesting — code does not read ~/.ssh, ~/.aws, .env, or API keys
✓ No data exfiltration — no POST/remote connections to external IPs beyond declared npm registries
✓ No obfuscation — code is readable JavaScript, no base64 encoding or eval tricks
✓ No persistence mechanisms — no cron, startup scripts, or backdoor installation found
✓ No reverse shell or C2 infrastructure detected