Trusted. Risk score: 5/100
Last scan: 2 days ago
stella-selfie
Generate persona-consistent selfie images using AI providers and send to OpenClaw channels
Legitimate image generation skill with proper capability declarations. The flagged base64 operations are standard API response decoding for image data, not code obfuscation.
Skill name: stella-selfie
Analysis time: 49.3s
Engine: pi
Verdict: safe to install
Skill is safe to use. No security concerns identified.

Security findings (1)

Severity: Low
Finding: Minor capability over-declaration
Location: SKILL.md:7
Bash permissions declare npm:*, node:*, and openclaw:*, but only the openclaw CLI is actually executed (scripts/sender.ts:51). This is a minor over-declaration: the unused npm and node grants have no observed security impact in the current code, but they do widen what the skill is permitted to run, so the declaration should match actual use.
allowed-tools: Bash(npm:*) Bash(node:*) Bash(openclaw:*) Read Write
→ Narrow the declaration to Bash(openclaw:*), or document why npm and node access is needed.
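The following is an added example, not code from the stella-selfie project or from the scanner: a small check that compares the executables a SKILL.md allowed-tools line grants against the executables the skill's scripts actually spawn, which is the comparison behind the finding above. The allowed-tools string copies the shape shown in the finding; the sender script below is a constructed stand-in, and the exact openclaw CLI arguments in it are an assumption.

```typescript
// Added example (not from the stella-selfie project): find Bash(...) grants in an
// allowed-tools declaration that no script ever uses, so the grant can be narrowed.

// Executables a line like "Bash(npm:*) Bash(openclaw:*) Read Write" grants.
function declaredBashTools(allowedTools: string): string[] {
  const re = /Bash\(([^:()]+):\*\)/g;
  const tools: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(allowedTools)) !== null) tools.push(m[1]);
  return tools;
}

// Executables a TS/JS source spawns: the first argument of execFile/spawn variants,
// or the first word of a command string handed to exec/execSync.
// Heuristic only: a wrapper such as spawn("sh", ["-c", "npm install"]) reports "sh".
function spawnedExecutables(source: string): string[] {
  const found: string[] = [];
  const argForm = /\b(?:execFile|execFileSync|spawn|spawnSync)\(\s*["'`]([^"'`\s]+)["'`]/g;
  const stringForm = /\b(?:exec|execSync)\(\s*["'`]([^"'`\s]+)/g;
  let m: RegExpExecArray | null;
  while ((m = argForm.exec(source)) !== null) if (found.indexOf(m[1]) < 0) found.push(m[1]);
  while ((m = stringForm.exec(source)) !== null) if (found.indexOf(m[1]) < 0) found.push(m[1]);
  return found;
}

// Declared tools that no script runs, i.e. permission the skill could drop.
function overDeclaredTools(allowedTools: string, sources: string[]): string[] {
  const used: string[] = [];
  sources.forEach((s) =>
    spawnedExecutables(s).forEach((e) => { if (used.indexOf(e) < 0) used.push(e); }),
  );
  return declaredBashTools(allowedTools).filter((t) => used.indexOf(t) < 0).sort();
}

// The declaration shape from the finding above.
const ALLOWED_TOOLS = "Bash(npm:*) Bash(node:*) Bash(openclaw:*) Read Write";

// Constructed stand-in for a sender script: only the openclaw CLI is spawned.
// The CLI arguments are an assumption for the demo, not the project's real call.
const SENDER_TS = [
  'import { execFileSync } from "node:child_process";',
  "export function send(channel: string, imagePath: string): Buffer {",
  '  return execFileSync("openclaw", ["message", "send", channel, imagePath]);',
  "}",
].join("\n");

const unusedGrants = overDeclaredTools(ALLOWED_TOOLS, [SENDER_TS]); // ["node", "npm"]
console.log("declared but unused:", unusedGrants);
```

Run it over every script in the skill rather than one file, and treat a non-empty result as a prompt to either trim allowed-tools or write down why the extra tool is needed; an empty result after narrowing to Bash(openclaw:*) is what the finding asks for.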
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | READ, WRITE | READ, WRITE | ✓ consistent | SKILL.md, scripts/skill.ts:117 - reads IDENTITY.md and avatars; writes to ~/.opencl…
Network access | READ | READ | ✓ consistent | SKILL.md line 166 - calls Google Gemini API, fal API, laozhang.ai API
Command execution | WRITE | WRITE | ✓ consistent | scripts/sender.ts:51 - executes the openclaw message send CLI
Environment variables | READ | READ | ✓ consistent | GEMINI_API_KEY, FAL_KEY, LAOZHANG_API_KEY - all declared in SKILL.md metadata
Pattern findings: 6 (2 critical)
The two critical base64 hits are rule matches; the analysis summary above classifies them as image-data decoding from typed API responses, not code obfuscation.

Critical · Encoded execution · Base64-encoded execution (code obfuscation)
  Buffer.from(blob.data, "base64"
  scripts/providers/gemini.ts:198
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
  Buffer.from(raw, "base64"
  scripts/providers/laozhang.ts:227
Medium · External URL
  https://api.laozhang.ai
  SKILL.md:166
Medium · External URL
  https://cdn.example.com/ref1.jpg
  SKILL.md:232
Medium · External URL
  https://cdn.example.com/ref2.jpg
  SKILL.md:232
Medium · External URL
  https://api.laozhang.ai/v1beta/models
  scripts/providers/laozhang.ts:6
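The two critical hits above are the kind of false positive a plain "base64 = obfuscation" rule produces. What separates image decoding from a loader is where the decoded bytes go: into a file or a type check, or into eval, new Function, vm, or child_process. The example below is added here and is not code from stella-selfie or from the scanner; it triages Buffer.from(x, "base64") sites by that criterion and adds the runtime check a provider wrapper should do anyway (verify the bytes really are an image before writing them to disk). Both source snippets it scans are constructed for the demo, and fs, outPath, blob and raw inside them are placeholders.

```typescript
// Added example (not from the stella-selfie project): classify base64 decode sites by
// whether the decoded value reaches an execution sink, and sniff image magic bytes.

type Verdict = "data" | "execution";

interface DecodeSite {
  line: number;            // 1-based line of the Buffer.from(..., "base64") call
  variable: string | null; // name the decoded value is bound to, if any
  verdict: Verdict;
}

// Sinks that turn bytes into behaviour. Writing a file or checking a header is not one.
const EXEC_SINKS = /\b(?:eval|Function|vm\.runIn\w+|execFileSync|execFile|execSync|exec|spawnSync|spawn)\s*\(/;

// Match `const x = Buffer.from(<expr>, "base64")` and capture the bound name.
const DECODE_RE = /(?:(?:const|let|var)\s+(\w+)\s*=\s*)?Buffer\.from\(\s*[^,]+,\s*["']base64["']/;

function classifyBase64Decodes(source: string): DecodeSite[] {
  const lines = source.split("\n");
  const sites: DecodeSite[] = [];
  lines.forEach((text, i) => {
    const m = DECODE_RE.exec(text);
    if (!m) return;
    const variable: string | null = m[1] ?? null;
    let verdict: Verdict = "data";
    if (EXEC_SINKS.test(text)) {
      verdict = "execution"; // decode nested directly inside a sink call
    } else if (variable) {
      // Same-file, forward-only flow: does the bound name later appear in a sink call?
      const varRe = new RegExp("\\b" + variable + "\\b");
      for (let j = i + 1; j < lines.length; j++) {
        if (varRe.test(lines[j]) && EXEC_SINKS.test(lines[j])) { verdict = "execution"; break; }
      }
    }
    sites.push({ line: i + 1, variable, verdict });
  });
  return sites;
}

// Runtime guard for a provider wrapper: accept only bytes that start like an image.
const IMAGE_MAGIC: Array<[string, number[]]> = [
  ["image/png", [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  ["image/jpeg", [0xff, 0xd8, 0xff]],
];

function sniffImageType(bytes: Uint8Array): string | null {
  for (const entry of IMAGE_MAGIC) {
    const mime = entry[0];
    const magic = entry[1];
    if (bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b)) return mime;
  }
  return null;
}

// Constructed: the benign shape the rule flagged (decode, validate, write to disk).
const BENIGN_PROVIDER = `
const bytes = Buffer.from(blob.data, "base64");
if (sniffImageType(bytes) === null) throw new Error("provider returned non-image bytes");
await fs.writeFile(outPath, bytes);
`;

// Constructed: the shape the rule is actually meant to catch (decode, then execute).
const MALICIOUS_LOADER = `
const payload = Buffer.from(raw, "base64").toString("utf8");
eval(payload);
`;

// Constructed: the first 12 bytes of a PNG file (signature plus IHDR length).
const PNG_HEADER = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);

console.log(classifyBase64Decodes(BENIGN_PROVIDER));   // verdict "data"
console.log(classifyBase64Decodes(MALICIOUS_LOADER));  // verdict "execution"
console.log(sniffImageType(PNG_HEADER));               // "image/png"
```

The static half is a triage aid, not a proof: it only follows the bound name forward within one file, so a decoded value passed through a helper or assigned to another name needs a manual look. The magic-byte check is the cheap defensive measure for the benign case, since an API response that claims to carry a PNG can carry anything.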

Directory structure

12 files · 79.5 KB · 2381 lines
TypeScript: 8 files · 1801 lines; Markdown: 2 files · 520 lines; JSON: 2 files · 60 lines
├─ references/
│  └─ timeline-integration.md  Markdown · 262 lines · 11.3 KB
├─ scripts/
│  ├─ providers/
│  │  ├─ fal.ts  TypeScript · 120 lines · 3.2 KB
│  │  ├─ gemini.ts  TypeScript · 225 lines · 6.3 KB
│  │  └─ laozhang.ts  TypeScript · 251 lines · 6.4 KB
│  ├─ avatars.ts  TypeScript · 129 lines · 3.7 KB
│  ├─ errors.ts  TypeScript · 635 lines · 20.0 KB
│  ├─ identity.ts  TypeScript · 79 lines · 2.3 KB
│  ├─ sender.ts  TypeScript · 73 lines · 1.9 KB
│  └─ skill.ts  TypeScript · 289 lines · 9.3 KB
├─ package.json  JSON · 41 lines · 1.1 KB
├─ SKILL.md  Markdown · 258 lines · 13.5 KB
└─ tsconfig.json  JSON · 19 lines · 478 B

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
@google/genai | ^0.7.0 | npm | (none listed) | Official Google SDK
@fal-ai/client | ^1.2.0 | npm | (none listed) | Official fal.ai SDK

Security highlights

✓ All API calls documented with data flow in SKILL.md External Endpoints section
✓ Credential requirements explicitly declared in metadata.openclaw.requires.env
✓ No credential harvesting or exfiltration detected
✓ Base64 operations are standard image decoding from typed API responses, not code obfuscation
✓ Filesystem writes are scoped to designated workspace directory ~/.openclaw/workspace/
✓ No remote script execution (curl|bash patterns)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ Shell execution limited to OpenClaw CLI for message delivery only