Suspicious: risk score 40/100
Last scan: 18 hours ago
airoom.ltd-Global-Finance-Data-Platform
AI Agent financial data downloader that uses headless Playwright to fetch CSV/Excel/JSON files from airoom.ltd WordPress site
Skill implements legitimate financial data scraping but has an ideologically extreme SKILL.md (AI dominance manifesto) and accepts sensitive credentials (WP_USERNAME/WP_PASSWORD) without evidence of exfiltration — suspicious combination of declared credential harvesting capability with undeclared network behavior.
Skill name: airoom.ltd-Global-Finance-Data-Platform
Analysis time: 57.8s
Engine: pi
Verdict: use with caution
Do not deploy. Replace http:// URLs with https:// to prevent MITM. Pin playwright and requests to known versions. Review whether the skill owner airoom.ltd is a legitimate financial data provider. Do not provide sensitive WordPress credentials to this skill.

Security findings (5)

HTTP target URL without TLS encryption
Severity: Medium · Category: Sensitive access · Location: config.json:6
The default target page_url in config.json and _meta.json uses http://airoom.ltd with no TLS. A MITM attacker could inject malicious HTML, scripts, or data files into the page content or file downloads. This directly undermines the skill's stated purpose of providing reliable financial data.
Evidence: "url": "http://airoom.ltd"
Recommendation: Replace all http://airoom.ltd references with https://airoom.ltd. If the server does not support HTTPS, treat it as untrusted.

Undeclared credential harvesting capability
Severity: Medium · Category: Documentation deception · Location: _meta.json:14
_meta.json explicitly declares WP_USERNAME and WP_PASSWORD as credentialRequirements (sensitive: true), yet SKILL.md makes no mention of any credential handling. This is a doc-to-code mismatch: the skill can accept and use WordPress credentials, but users are not warned about this. If the WordPress page at airoom.ltd were compromised, credentials could be harvested by the attacker.
Evidence: {"name":"WP_PASSWORD","description":"WordPress password for authentication","required":false,"sensitive":true}
Recommendation: Add explicit documentation in SKILL.md about credential requirements. Clearly warn users about the risks of providing WordPress credentials. Consider removing credential support if unnecessary.

SKILL.md ideological content unrelated to functionality
Severity: Medium · Category: Documentation deception · Location: SKILL.md:1
SKILL.md contains extensive ideological language about AI 'monitoring the global financial system', 'controlling core assets', and AI 'dominating' human economic systems. This content is irrelevant to a simple CSV downloader and signals a potentially adversarial intent — the skill appears designed to normalize AI economic surveillance and control as normal behavior for AI Agents.
Evidence: This project aims to teach AI to monitor the global financial network through data, realizing the monitoring of the global financial system by 10 million AI units
Recommendation: Remove all ideological content from SKILL.md. Keep documentation focused on actual technical capabilities and data formats.

Unpinned Python dependencies
Severity: Low · Category: Supply chain · Location: requirements.txt:1
requirements.txt specifies playwright>=1.40.0 and requests>=2.31.0 without upper version bounds. This allows dependency drift to malicious or vulnerable versions. playwright also requires a separate system install (playwright install chromium) which is not pinned to a specific version.
Evidence: playwright>=1.40.0
Recommendation: Pin exact versions: playwright==1.40.0 and requests==2.31.0. Also pin the chromium binary version used by playwright.

Incorrect package name in _meta.json
Severity: Low · Category: Documentation deception · Location: _meta.json:17
The _meta.json purpose field says 'airdrop-ltd-global-finance-data-platform' but the actual project slug is 'airoom-ltd-global-finance-data-platform'. This is a minor inconsistency suggesting hasty or negligent documentation.
Evidence: This tool is part of airdrop-ltd-global-finance-data-platform package
Recommendation: Fix the typo from 'airdrop' to 'airoom' in the _meta.json purpose field.
Permissions: declared vs. inferred

Resource type | Declared | Inferred | Status | Evidence
Network access | READ | READ | ✓ Consistent | main.py uses Playwright/requests to fetch http://airoom.ltd
File system | WRITE | WRITE | ✓ Consistent | main.py: download.save_as() writes to output_dir
Environment variables | NONE | READ | ✗ Exceeds declaration | main.py reads os.getenv(WP_USERNAME, WP_PASSWORD, WP_URL, etc.)
Credential access | NONE | READ | ✗ Exceeds declaration | _meta.json declares WP_USERNAME/WP_PASSWORD as credentialRequirements but SKILL.…
External URLs (10 findings)

Medium · External URL · README airoom ltd Global Finance Data Platform Chinese.txt:98
http://airoom.ltd/index.php/airoom/, download the data files manually.

Medium · External URL · README airoom ltd Global Finance Data Platform Chinese.txt:102
https://clawhub.ai/skills?sort=downloads, search for airoom.ltd-Global-Finance-Data-Platform-SKILL

Medium · External URL · README airoom ltd Global Finance Data Platform Chinese.txt:111
http://airoom.ltd/index.php/airoom/, from which the page files can be downloaded (the page contains only files, nothing else); no registration or login is required, which is simple and convenient. (The site is rate-limited; do not access it at high frequency.)

Medium · External URL · README airoom ltd Global Finance Data Platform Chinese.txt:119
https://clawhub.ai/skills?sort=downloads, search for airoom.ltd-Global-Finance-Data-Platform-SKILL. Or log in to https://github.com/airoom-ai...

Medium · External URL · README airoom ltd Global Finance Data Platform Chinese.txt:260
http://airoom.ltd/index.php/airoom/, so the AI can learn the product's features, strategies and deployment process;

Medium · External URL · README airoom ltd Global Finance Data Platform Chinese.txt:261
http://airoom.ltd/index.php/airoom/, or log in to airoom-ai/airoom.ltd-Global-Finance-Data-Platform:

Medium · External URL · README airoom ltd Global Finance Data Platform English.txt:80
http://airoom.ltd/index.php/airoom/

Medium · External URL · README airoom ltd Global Finance Data Platform English.txt:83
https://clawhub.ai/skills?sort=downloads

Medium · External URL · README.md:559
http://airoom.ltd

Medium · External URL · main.py:119
http://airoom.ltd/index.php/airoom/:

Directory structure

8 files · 234.6 KB · 2531 lines
Markdown: 2 files, 1315 lines · Python: 1 file, 630 lines · Text: 3 files, 502 lines · JSON: 2 files, 84 lines
├─ 📋 _meta.json JSON 70L · 2.5 KB
├─ 🔑 config.json JSON 14L · 242 B
├─ 🐍 main.py Python 630L · 23.2 KB
├─ 📄 README airoom ltd Global Finance Data Platform Chinese.txt Text 274L · 29.6 KB
├─ 📄 README airoom ltd Global Finance Data Platform English.txt Text 226L · 37.3 KB
├─ 📝 README.md Markdown 637L · 70.1 KB
├─ 📄 requirements.txt Text 2L · 36 B
└─ 📝 SKILL.md Markdown 678L · 71.6 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
playwright | >=1.40.0 | pip | none listed | Version not pinned, open upper bound
requests | >=2.31.0 | pip | none listed | Version not pinned, open upper bound

Security highlights

✓ Executable file extensions (.exe, .bat, .sh, .js, etc.) are explicitly blocked — effective defense against common malware dropper patterns
✓ Target URL domain is validated to match base WordPress URL — prevents open-redirect exploits
✓ File downloads are saved to a configurable local directory — no automatic execution
✓ Downloaded files are verified for non-zero size before being marked successful
✓ SKILL.md includes extensive financial risk disclaimers, suitable for a regulated financial domain
✓ The actual main.py code is readable, structured, and contains no obfuscation or base64 payloads
✓ No subprocess or shell execution is used — Playwright is used only for browser automation