Low risk: risk score 25/100
Last scan: 1 day ago
ClawDoctor
OpenClaw Health Monitor & Fixer — real-time monitoring, one-click repair, security scanning, and web dashboard for OpenClaw
ClawDoctor is a legitimate OpenClaw health monitoring tool with undocumented system-level capabilities (process termination, shell commands, config modification) that create capability mismatches, but no confirmed malicious behavior was found.
Skill name: ClawDoctor
Analysis time: 60.4s
Engine: pi
Can be installed
Add SKILL.md declarations for shell:WRITE and filesystem:WRITE capabilities, unpin psutil in install.sh, and remove commented cloud exfiltration code. The tool should declare its process-killing and config-modification behaviors explicitly.

Security findings: 4

Severity | Finding | Location

Medium: SKILL.md omits all shell execution and process manipulation (documentation deception)
SKILL.md only describes 'real-time monitoring' and 'one-click repair' without disclosing that the tool executes shell commands (pkill, launchctl, openclaw, tail, grep), terminates processes, and modifies configuration files in ~/.openclaw/
Evidence: SKILL.md: no mention of subprocess, process kill, config write, shell commands
→ Add capability declarations: shell:WRITE (for process management), filesystem:WRITE (for config and log manipulation)
Location: SKILL.md:1

Low: install.sh runs pip install without version pinning (supply chain)
The install script runs 'pip3 install psutil --user' without specifying a version or version range, allowing any psutil release to be installed.
Evidence: pip3 install psutil --user
→ Pin the dependency: pip3 install psutil==5.9.0 --user
Location: install.sh:13

Low: Undeclared config file read/write (sensitive access)
clawdoctor_simple.py reads and modifies ~/.openclaw/openclaw.json (backup, JSON validation, config patching) without declaring filesystem:WRITE access in SKILL.md.
Evidence: json.dump(config, f, indent=2, ensure_ascii=False)
→ Declare filesystem:WRITE in SKILL.md since the tool intentionally modifies OpenClaw configuration files
Location: clawdoctor_simple.py:137

Low: Commented-out cloud exfiltration infrastructure (data exfiltration)
agent.py defines CONFIG with api_endpoint='https://api.clawdoctor.io/v1/heartbeat' and api_key, with a commented-out requests.post that would POST full system reports to an external cloud service. Not currently active but indicates exfiltration intent.
Evidence: # response = requests.post(CONFIG['api_endpoint'], json=report, headers={'Authorization': f"Bearer {CONFIG['api_key']}"})
→ Either remove the commented code entirely or clearly document cloud reporting as an opt-in feature with explicit user consent
Location: agent.py:17
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ exceeds declared | install.sh:13 pip3 install; agent_v2.py:64 pkill -f; agent_v2.py:66 launchctl; c…
File system | NONE | WRITE | ✗ exceeds declared | clawdoctor_simple.py:137 json.dump modifies ~/.openclaw/openclaw.json; clawdocto…
Network access | NONE | READ | ✗ exceeds declared | clawdoctor.py:77 curl http://127.0.0.1:18789/; agent.py:17 api.clawdoctor.io end…
Environment variables | NONE | NONE | | No environment variable harvesting found
Indicators: 15 findings (1 high)

Severity | Type | Category | Value | Location
High | IP address | Hardcoded IP address | 8.8.8.8 | clawdoctor.py:305
Medium | External URL | External URL | https://img.shields.io/badge/OpenClaw-Health%20Monitor-blue?style=for-the-badge | README.md:4
Medium | External URL | External URL | https://img.shields.io/badge/Python-3.10%2B-green?style=for-the-badge&logo=python&logoColor=white | README.md:5
Medium | External URL | External URL | https://img.shields.io/badge/License-MIT-yellow?style=for-the-badge | README.md:6
Medium | External URL | External URL | http://127.0.0.1:8080/dashboard.html | README.md:22
Medium | External URL | External URL | https://api.clawdoctor.io/v1/heartbeat | agent.py:17
Medium | External URL | External URL | http://127.0.0.1:18789/ | agent.py:34
Medium | External URL | External URL | https://cdn.tailwindcss.com | dashboard.html:7
Medium | External URL | External URL | http://127.0.0.1:52691 | dashboard.html:199
Medium | External URL | External URL | http://127.0.0.1:64144 | dashboard_simple.html:183
Medium | External URL | External URL | https://checkout.paddle.com/checkout/product/pri_01kkm07e93d54fat920xe9b5rs | payment.html:48
Medium | External URL | External URL | https://checkout.paddle.com/checkout/product/pri_01kkm09nvwj9ex7nssjf27kbch | payment.html:70
Medium | External URL | External URL | https://checkout.paddle.com/checkout/product/pri_01kkm0bk13cv93jam6nq3tvj88 | payment.html:91
Medium | External URL | External URL | http://127.0.0.1: | server.py:117
Info | Email | Email address | [email protected] | README.md:122

Directory structure

16 files · 116.2 KB · 3061 lines
Python: 7 files, 1563 lines · HTML: 3 files, 1084 lines · Markdown: 4 files, 343 lines · JSON: 1 file, 38 lines · Shell: 1 file, 33 lines
├─ 🐍 agent_simple.py Python 84L · 2.5 KB
├─ 🐍 agent_v2.py Python 175L · 6.0 KB
├─ 🐍 agent.py Python 224L · 7.5 KB
├─ 🐍 clawdoctor_simple.py Python 353L · 11.3 KB
├─ 🐍 clawdoctor.py Python 465L · 15.2 KB
├─ 📄 dashboard_simple.html HTML 429L · 21.7 KB
├─ 📄 dashboard.html HTML 526L · 27.4 KB
├─ 🔧 install.sh Shell 33L · 991 B
├─ 📋 package.json JSON 38L · 935 B
├─ 📄 payment.html HTML 129L · 7.4 KB
├─ 📝 README_NEW.md Markdown 135L · 3.3 KB
├─ 📝 README.md Markdown 135L · 3.3 KB
├─ 📝 screenshot-placeholder.md Markdown 6L · 149 B
├─ 🐍 server_simple.py Python 114L · 3.3 KB
├─ 🐍 server.py Python 148L · 4.2 KB
└─ 📝 SKILL.md Markdown 67L · 1.0 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
psutil | unpinned | pip | | pip3 install without version constraint in install.sh:13; package.json specifies ^5.9.0 but install.sh ignores it

Security highlights

✓ No base64, eval, or obfuscated code found across all files
✓ No credential harvesting loops (no iteration through os.environ for secrets)
✓ No curl|bash or wget|sh remote script execution
✓ No reverse shell, C2 communication, or confirmed data exfiltration
✓ No hidden instructions in HTML comments
✓ No access to ~/.ssh, ~/.aws, .env, or other credential paths
✓ Process termination is scoped to openclaw-gateway processes only
✓ Cloud reporting code is commented out (not active)
✓ Local-only logging saves to ~/.clawdoctor/ with no external transmission