Low risk: risk score 12/100
Last scanned: 1 day ago
gateway-monitor-macos
Install and operate a local OpenClaw Gateway Monitor stack on macOS with LaunchAgent + watchdog
This is a legitimate local macOS monitoring dashboard for OpenClaw Gateway with no malicious behavior. All network requests are outbound HTTPS to known APIs, credential access is limited to the local OpenClaw auth store for usage monitoring, and shell execution is documented and relevant to the monitoring functionality.
Skill name: gateway-monitor-macos
Analysis time: 72.8 s
Engine: pi
Verdict: OK to install
This skill is safe to use. The main concern is that the local HTTP server on port 18990 is reachable by other local processes; make sure the machine is not shared and the port is not exposed.

Security findings: 2

Severity: Low | Category: Sensitive access
Local HTTP server without authentication
server.js creates an unauthenticated HTTP server on port 18990. Any local process or user on the macOS machine can query the /api/* endpoints, including session data, gateway status, and MiniMax API responses.
    const PORT = Number(process.env.PORT || 18990);
    const server = http.createServer(...)
→ Consider adding localhost authentication, or binding to a socket with restricted permissions, if the machine is multi-user.
Location: assets/gateway-monitor/server.js:1

Severity: Low | Category: Documentation mismatch
SKILL.md does not mention the network:READ capability
SKILL.md only describes the install/status/uninstall scripts; it does not declare that the monitor runs a web server that makes external API calls to MiniMax and GitHub.
    "Run this skill when you need a reproducible install of gateway monitor + watchdog on macOS."
→ Add a 'Capabilities' or 'Network' section to SKILL.md describing the external API calls (MiniMax coding plan check, GitHub releases check).
Location: SKILL.md:1
Resource type | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ consistent | install.sh:45-89 writes plists; rsync copies files to ~/.openclaw/
Command execution | WRITE | WRITE | ✓ consistent | install.sh runs launchctl, rsync, chmod; server.js:297 execSync for gateway stat…
Network access | READ | READ | ✓ consistent | server.js:29-32 makes outbound HTTPS calls to minimaxi.com and the GitHub API
Environment variables | NONE | READ | ✓ consistent | server.js:318 reads MINIMAX_CP_KEY from env; documented purpose is API auth
Skill invocation | NONE | INVOKE | ✓ consistent | This is the skill itself
External URLs: 4 found

Medium | External URL | https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains | assets/gateway-monitor/server.js:29
Medium | External URL | http://127.0.0.1:9981/v1/models | assets/gateway-monitor/server.js:32
Medium | External URL | http://127.0.0.1:9981 | assets/gateway-monitor/server.js:154
Medium | External URL | http://www.apple.com/DTDs/PropertyList-1.0.dtd | scripts/install.sh:44

Note: the two 127.0.0.1:9981 entries are the local OMLX endpoint, not an external host, and the apple.com URL is the standard PropertyList DOCTYPE identifier written into the LaunchAgent plist by install.sh, not a request the skill makes.

Directory structure

8 files · 127.9 KB · 3870 lines
JavaScript: 1 file, 1974 lines · HTML: 1 file, 1642 lines · Shell: 4 files, 186 lines · Markdown: 2 files, 68 lines
├─ 📁 assets
│ └─ 📁 gateway-monitor
│ ├─ 📁 public
│ │ └─ 📄 index.html HTML 1642L · 62.8 KB
│ ├─ 🔧 gateway-watchdog.sh Shell 33L · 1.5 KB
│ └─ 📜 server.js JavaScript 1974L · 57.9 KB
├─ 📁 scripts
│ ├─ 🔧 install.sh Shell 120L · 3.3 KB
│ ├─ 🔧 status.sh Shell 17L · 417 B
│ └─ 🔧 uninstall.sh Shell 16L · 452 B
├─ 📝 README.md Markdown 22L · 464 B
└─ 📝 SKILL.md Markdown 46L · 1.0 KB

Security highlights

✓ No base64-encoded payloads or obfuscated code found
✓ No reverse shell, C2, or data exfiltration to external IPs
✓ MiniMax API key is read from local OpenClaw auth store and only used to query usage - not exfiltrated
✓ External network calls are outbound HTTPS to legitimate APIs (MiniMax, GitHub); the only plain-HTTP endpoint is the local OMLX service on 127.0.0.1:9981
✓ File operations are scoped to ~/.openclaw/ directory only
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or system credentials
✓ LaunchAgent persistence is explicitly declared and relevant to the skill's purpose
✓ execSync usage is limited to reading gateway status via CLI tools - documented and necessary
✓ No curl|bash or wget|sh remote script execution patterns
✓ No prompt injection, supply chain risks, or credential harvesting for external theft