中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 28/100
上次扫描:1 天前 重新扫描
28 /100
Setup Multi Gateway
配置和运行多个独立的 OpenClaw 网关实例。配合 feishu-agent-send 技能实现多 Agent 自主协作。
Legitimate multi-gateway configuration wizard with a high-risk hardcoded API key that is injected into user configuration files, plus undeclared shell execution and network IP detection not documented in SKILL.md.
技能名称Setup Multi Gateway
分析耗时47.1s
引擎pi
可以安装
Replace the hardcoded API_KEY placeholder with environment-variable-based injection or user-provided keys. Add shell:WRITE and network:READ declarations to SKILL.md. This is not malicious but presents supply-chain and credential-handling risks.

安全发现 4 项

严重性 安全发现 位置
高危
Hardcoded API key injected into user models.json 凭证窃取
A hardcoded API key 'sk-sp-319b5ed947404131b3b12e5211592b46' is defined at line 36 and injected into the models.json template via string replacement. This means every user of this skill gets this API key written into their configuration, potentially exposing a shared credential. If the key is valid, multiple users share the same API quota. If it's a honeypot or revoked, it may be a tracking mechanism.
const API_KEY = 'sk-sp-319b5ed947404131b3b12e5211592b46';
→ Replace with a clearly-labeled placeholder (e.g., '$YOUR_API_KEY') and prompt users to provide their own key, or use a secure credential injection mechanism.
 mg-wizard.cjs:36
中危
Undeclared shell execution capability 文档欺骗
SKILL.md describes this as a configuration wizard invoked via 'openclaw mg' but does not disclose that the implementation extensively uses execSync for: systemctl commands (start/stop/enable/disable/list-units), journalctl, ss/netstat, grep, hostname, curl (multiple external services), and 'openclaw pairing' subcommand. This constitutes ~30+ shell:WRITE operations not declared in the documentation.
const { execSync } = require('child_process');
→ Document all shell operations in SKILL.md, particularly systemctl service management, IP detection via curl, and openclaw CLI invocations.
 mg-wizard.cjs:14
中危
Undeclared external network requests 文档欺骗
The getServerIP() function makes requests to ifconfig.me, api.ipify.org, and icanhazip.com to determine the server's public IP for allowedOrigins configuration. These outbound HTTP requests are not declared in SKILL.md.
'curl -s ifconfig.me', 'curl -s api.ipify.org', 'curl -s icanhazip.com'
→ Declare network:READ in allowed-tools and document that the skill probes external IP detection services.
 mg-wizard.cjs:97
低危
SKILL.md version mismatch 文档欺骗
SKILL.md declares version 1.0.39 but _meta.json declares version 1.1.2. Additionally, SKILL.md references version 1.1.2 in its footer. This minor version drift could indicate incomplete documentation updates.
**技能版本**: 1.1.2 (SKILL.md footer) vs 1.0.39 (SKILL.md header)
→ Ensure SKILL.md version header matches _meta.json and footer consistently.
 SKILL.md:1
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✗ 越权 mg-wizard.cjs:14 (const { execSync } = require('child_process')) — 30+ execSync …
文件系统 NONE WRITE ✗ 越权 mg-wizard.cjs:many — writes configs to ~/.openclaw/, creates systemd services un…
网络访问 NONE READ ✗ 越权 mg-wizard.cjs:97-103 — curl to ifconfig.me, api.ipify.org, icanhazip.com for IP …
环境变量 NONE READ ✗ 越权 mg-wizard.cjs:176 — process.env.HOME used throughout
技能调用 NONE ADMIN ✗ 越权 mg-wizard.cjs:1395 — executes 'openclaw pairing' and 'openclaw --version' as ext…
1 高危 4 项发现
🔑
高危 API 密钥 疑似硬编码凭证
API_KEY = 'sk-sp-319b5ed947404131b3b12e5211592b46'
mg-wizard.cjs:36
🔗
中危 外部 URL 外部 URL
https://clawhub.com/skills/feishu-agent-send
README.md:9
🔗
中危 外部 URL 外部 URL
https://docs.openclaw.ai
README.md:256
🔗
中危 外部 URL 外部 URL
https://clawhub.com
README.md:257

目录结构

5 文件 · 68.9 KB · 1968 行
JavaScript 1f · 1403L Markdown 3f · 555L JSON 1f · 10L
├─ 📋 _meta.json JSON 10L · 581 B
├─ 📝 CHANGELOG.md Markdown 29L · 711 B
├─ 📜 mg-wizard.cjs JavaScript 1403L · 55.0 KB
├─ 📝 README.md Markdown 263L · 6.3 KB
└─ 📝 SKILL.md Markdown 263L · 6.3 KB

安全亮点

✓ Skill has a rollback mechanism for failed gateway creation
✓ Configuration validation (JSON parse check) before writing
✓ Interactive confirmation prompts before destructive operations
✓ Supports skipping Feishu configuration for pure local deployments
✓ Memory limits correctly calculated from /proc/meminfo
✓ No obfuscation, base64 encoding, or anti-analysis techniques found
✓ No attempts to access ~/.ssh, ~/.aws, .env, or other credential paths
✓ No data exfiltration patterns (no POSTs of credentials to external servers)
✓ systemd service creation is appropriate for the tool's deployment purpose
✓ Clear and detailed documentation for legitimate multi-gateway setup use case