claw-body Security Report — Suspicious | ClawSafe

45 /100

claw-body

Give your Claw a body! Turn your AI Claw into a real-time digital avatar with face, voice, and expressions powered by NuwaAI

Skill provides legitimate digital avatar functionality but uses undeclared shell execution via execSync for presentation parsing, creating a capability gap between documented and actual behavior.

Skill Nameclaw-body

Duration40.0s

Enginepi

⚠

Use with caution

Declare shell:WRITE permission in SKILL.md metadata if execSync is required for presentation parsing, or refactor to avoid subprocess execution.

Findings 4 items

Severity	Finding	Location
High	Undeclared shell execution via execSync server.mjs uses child_process.execSync to execute python3 scripts for presentation parsing. This is not declared in SKILL.md metadata (which only lists 'node' as required binary). const { execSync } = await import('child_process'); const result = execSync(`python3 "${scriptPath}" "${tmpPath}"` → Declare shell:WRITE permission or document this behavior explicitly in SKILL.md	`server.mjs:305`
Medium	Demo API key present in source code DEMO_CONFIG contains what appears to be a valid NuwaAI API key for free trial mode. Code comments state these are 'NuwaAI-issued public demo keys with limited quota, NOT user credentials.' `apiKey: "sk-ody1Xk9lw_vXkRWEPnaO8OwTFB9gbCnng2EWUl5jNbzolDSlFItc9DvWqrr6RLcL"` → Confirm with NuwaAI that these are truly public demo keys with no associated cost or data exposure risk	`server.mjs:34`
Low	Permissive CORS configuration Server sets Access-Control-Allow-Origin to '' for local development. Acceptable for localhost-only service but worth noting. `res.setHeader("Access-Control-Allow-Origin", "");` → Restrict to specific origins in production if deployed outside localhost	`server.mjs:135`
Low	Undeclared filesystem read access Reads ~/.openclaw/openclaw.json for gateway token and config. While this is documented in SKILL.md setup instructions, it's not declared in metadata capability requirements. `const OPENCLAW_CFG_PATH = path.join(process.env.HOME, ".openclaw", "openclaw.json");` → Document filesystem:READ access for OpenClaw config in SKILL.md	`server.mjs:18`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	server.mjs:18 reads ~/.openclaw/openclaw.json
Filesystem	`NONE`	`WRITE`	✓ Aligned	server.mjs:56 writes .nuwa-config.json
Shell	`NONE`	`WRITE`	✗ Violation	server.mjs:305-308 execSync python3 for presentation parsing
Network	`READ`	`READ`	✓ Aligned	server.mjs:206-215 fetches nuwaai.com API

1 High 3 findings

🔑

High API Key 疑似硬编码凭证

apiKey: "sk-ody1Xk9lw_vXkRWEPnaO8OwTFB9gbCnng2EWUl5jNbzolDSlFItc9DvWqrr6RLcL"

server.mjs:34

🔗

Medium External URL 外部 URL

https://nuwaai.com

SKILL.md:25

🔗

Medium External URL 外部 URL

https://api.nuwaai.com/web/apiKey/auth

server.mjs:215

File Tree

6 files · 106.0 KB · 2739 lines

HTML 1f · 1680L JavaScript 3f · 862L Markdown 1f · 192L JSON 1f · 5L

├─ ▾ 📁 public

│ ├─ 📜 i18n.js JavaScript 230L · 10.3 KB

│ ├─ 📄 index.html HTML 1680L · 66.3 KB

│ └─ 📜 pcm-processor.js JavaScript 53L · 1.4 KB

├─ 📋 _meta.json JSON 5L · 128 B

├─ 📜 server.mjs JavaScript 579L · 21.5 KB

└─ 📝 SKILL.md Markdown 192L · 6.4 KB

Security Positives

✓ No evidence of credential harvesting or exfiltration

✓ No base64-encoded or obfuscated malicious code patterns

✓ No reverse shell, C2, or data theft indicators

✓ Network requests are to legitimate NuwaAI service (documented and necessary)

✓ Presentation parsing execSync is within documented feature scope

✓ No hidden HTML comments or steganography detected

✓ User API keys are stored in local config file, not hardcoded

Scan Report

Findings 4 items

File Tree

Security Positives