Setup Multi Gateway Security Report — Low Risk | ClawSafe

28 /100

Setup Multi Gateway

配置和运行多个独立的 OpenClaw 网关实例。配合 feishu-agent-send 技能实现多 Agent 自主协作。

Legitimate multi-gateway configuration wizard with a high-risk hardcoded API key that is injected into user configuration files, plus undeclared shell execution and network IP detection not documented in SKILL.md.

Skill NameSetup Multi Gateway

Duration47.1s

Enginepi

✓

Safe to install

Replace the hardcoded API_KEY placeholder with environment-variable-based injection or user-provided keys. Add shell:WRITE and network:READ declarations to SKILL.md. This is not malicious but presents supply-chain and credential-handling risks.

Findings 4 items

Severity	Finding	Location
High	Hardcoded API key injected into user models.json Credential Theft A hardcoded API key 'sk-sp-319b5ed947404131b3b12e5211592b46' is defined at line 36 and injected into the models.json template via string replacement. This means every user of this skill gets this API key written into their configuration, potentially exposing a shared credential. If the key is valid, multiple users share the same API quota. If it's a honeypot or revoked, it may be a tracking mechanism. `const API_KEY = 'sk-sp-319b5ed947404131b3b12e5211592b46';` → Replace with a clearly-labeled placeholder (e.g., '$YOUR_API_KEY') and prompt users to provide their own key, or use a secure credential injection mechanism.	`mg-wizard.cjs:36`
Medium	Undeclared shell execution capability Doc Mismatch SKILL.md describes this as a configuration wizard invoked via 'openclaw mg' but does not disclose that the implementation extensively uses execSync for: systemctl commands (start/stop/enable/disable/list-units), journalctl, ss/netstat, grep, hostname, curl (multiple external services), and 'openclaw pairing' subcommand. This constitutes ~30+ shell:WRITE operations not declared in the documentation. `const { execSync } = require('child_process');` → Document all shell operations in SKILL.md, particularly systemctl service management, IP detection via curl, and openclaw CLI invocations.	`mg-wizard.cjs:14`
Medium	Undeclared external network requests Doc Mismatch The getServerIP() function makes requests to ifconfig.me, api.ipify.org, and icanhazip.com to determine the server's public IP for allowedOrigins configuration. These outbound HTTP requests are not declared in SKILL.md. `'curl -s ifconfig.me', 'curl -s api.ipify.org', 'curl -s icanhazip.com'` → Declare network:READ in allowed-tools and document that the skill probes external IP detection services.	`mg-wizard.cjs:97`
Low	SKILL.md version mismatch Doc Mismatch SKILL.md declares version 1.0.39 but _meta.json declares version 1.1.2. Additionally, SKILL.md references version 1.1.2 in its footer. This minor version drift could indicate incomplete documentation updates. `技能版本: 1.1.2 (SKILL.md footer) vs 1.0.39 (SKILL.md header)` → Ensure SKILL.md version header matches _meta.json and footer consistently.	`SKILL.md:1`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✗ Violation	mg-wizard.cjs:14 (const { execSync } = require('child_process')) — 30+ execSync …
Filesystem	`NONE`	`WRITE`	✗ Violation	mg-wizard.cjs:many — writes configs to ~/.openclaw/, creates systemd services un…
Network	`NONE`	`READ`	✗ Violation	mg-wizard.cjs:97-103 — curl to ifconfig.me, api.ipify.org, icanhazip.com for IP …
Environment	`NONE`	`READ`	✗ Violation	mg-wizard.cjs:176 — process.env.HOME used throughout
Skill Invoke	`NONE`	`ADMIN`	✗ Violation	mg-wizard.cjs:1395 — executes 'openclaw pairing' and 'openclaw --version' as ext…

1 High 4 findings

🔑

High API Key 疑似硬编码凭证

API_KEY = 'sk-sp-319b5ed947404131b3b12e5211592b46'

mg-wizard.cjs:36

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/feishu-agent-send

README.md:9

🔗

Medium External URL 外部 URL

https://docs.openclaw.ai

README.md:256

🔗

Medium External URL 外部 URL

https://clawhub.com

README.md:257

File Tree

5 files · 68.9 KB · 1968 lines

JavaScript 1f · 1403L Markdown 3f · 555L JSON 1f · 10L

├─ 📋 _meta.json JSON 10L · 581 B

├─ 📝 CHANGELOG.md Markdown 29L · 711 B

├─ 📜 mg-wizard.cjs JavaScript 1403L · 55.0 KB

├─ 📝 README.md Markdown 263L · 6.3 KB

└─ 📝 SKILL.md Markdown 263L · 6.3 KB

Security Positives

✓ Skill has a rollback mechanism for failed gateway creation

✓ Configuration validation (JSON parse check) before writing

✓ Interactive confirmation prompts before destructive operations

✓ Supports skipping Feishu configuration for pure local deployments

✓ Memory limits correctly calculated from /proc/meminfo

✓ No obfuscation, base64 encoding, or anti-analysis techniques found

✓ No attempts to access ~/.ssh, ~/.aws, .env, or other credential paths

✓ No data exfiltration patterns (no POSTs of credentials to external servers)

✓ systemd service creation is appropriate for the tool's deployment purpose

✓ Clear and detailed documentation for legitimate multi-gateway setup use case

Scan Report

Findings 4 items

File Tree

Security Positives