中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 45/100
上次扫描:1 天前 重新扫描
45 /100
1panel
Comprehensive 1Panel server management skill for AI agents — 580+ API endpoints
The skill is a legitimate 1Panel API client with no direct malicious code, but its SKILL.md severely under-reports exposed capabilities (exec_command, file write, SSH management, process kill) that are not declared in the documented command surface.
技能名称1panel
分析耗时99.4s
引擎pi
谨慎使用
Add exec_command, file write/delete, SSH key management, process kill, and host management to SKILL.md if they are intended features. If these capabilities are unintentional leakage from the underlying API library, restrict the CLI entry point to only the documented commands.

安全发现 8 项

严重性 安全发现 位置
中危
Undeclared arbitrary command execution via 1Panel Terminal API 文档欺骗
SKILL.md documents only 12 CLI commands (containers, images, websites, etc.), but the underlying tools layer exposes 'exec_command' which sends arbitrary shell commands to the 1Panel server via /api/v2/hosts/command. This is a fundamental system-level capability completely absent from SKILL.md.
case "exec_command": return await client.execCommand(args?.command, args?.cwd);
→ Either remove exec_command from the tools layer or document it prominently in SKILL.md's command table with a warning about its destructive potential.
 src/tools/system.ts:17
中危
Undeclared filesystem write and delete operations 文档欺骗
SKILL.md lists 'files <path>' as a read-only listing command, but the underlying FileAPI supports save(), delete(), chmod(), chown(), compress(), decompress() with no path restrictions. A compromised agent could overwrite system files, change permissions, or delete directories on the managed server.
async save(path: string, content: string): Promise<any> { return this.post('/api/v2/files/save', { path, content }); }
→ Document the full scope of file operations in SKILL.md or add guardrails to restrict paths to non-system directories.
 src/api/files.ts:70
中危
Undeclared SSH credential and key management 文档欺骗
SKILL.md does not mention SSH management at all. The host.ts tools expose creating hosts with password or privateKey credentials, generating SSH keys, and modifying SSH configurations. These are sensitive infrastructure operations not declared in the skill documentation.
{ name: 'create_host', description: 'Create host', inputSchema: { properties: { password: { type: 'string' }, privateKey: { type: 'string' } } }
→ Add SSH/host management to SKILL.md if intended, or restrict these tools from the exported skill interface.
 src/tools/host.ts:3
中危
Undeclared process kill capability 文档欺骗
The 'kill_process' tool in system.ts can kill arbitrary processes by PID with no restrictions declared in SKILL.md. This could be used to disrupt services.
case "kill_process": return await client.killProcess(args?.pid);
→ Document process management capabilities or remove kill_process from the exported tools.
 src/tools/system.ts:17
中危
SKILL.md claims 580+ API endpoints but CLI exposes ~12 commands 文档欺骗
SKILL.md advertises '580+ API endpoints covering containers, databases, websites, SSL, file management, system monitoring, and more', implying broad access. However, the 1panel.mjs CLI only exposes ~12 commands. The gap between the library's 200+ methods and the CLI's documented surface creates a misleading impression of limited scope.
Full access to 580+ API endpoints covering containers, databases, websites, SSL, file management, system monitoring, and more.
→ Clarify the distinction between the CLI command surface and the full library API. The CLI commands should match what SKILL.md documents.
 SKILL.md:1
低危
Unpinned dependency versions in package.json 供应链
devDependencies use caret (^) version ranges: '@types/node': '^20.19.37', 'typescript': '^5.9.3'. This allows installing newer potentially vulnerable versions without review.
"@types/node": "^20.19.37"
→ Pin exact versions (no ^) for devDependencies to ensure reproducible builds.
 package.json:28
低危
OPENCLAW_INSTALL.md contains 'rm -rf ~' command 文档欺骗
Line 175 of OPENCLAW_INSTALL.md shows 'rm -rf ~/.openclaw/skills/1panel' as an uninstall example. The use of '~' shell expansion in documentation is a dangerous pattern — if executed literally without shell expansion, it could resolve unexpectedly. Here it is documentation text, not executable code, so the risk is low.
rm -rf ~/.openclaw/skills/1panel
→ Use full path '/root' or '$HOME' instead of '~' for clarity.
 OPENCLAW_INSTALL.md:175
低危
No input validation or path restrictions on file operations 权限提升
File operations accept arbitrary paths with no validation to prevent access to system directories like /etc, /root, /home. Combined with undeclared WRITE access, this could allow modification of sensitive system files.
async getContent(path: string): Promise<any> { return this.post('/api/v2/files/content', { path }); }
→ Add path validation to restrict file operations to user-accessible directories.
 src/api/files.ts:30
资源类型声明权限推断权限状态证据
网络访问 NONE READ ✓ 一致 ONEPANEL_HOST env var, BaseAPI makes HTTP requests to 1Panel server
文件系统 NONE WRITE ✗ 越权 src/api/files.ts:FileAPI.save() — file write not declared in SKILL.md
命令执行 NONE WRITE ✗ 越权 src/tools/system.ts:exec_command — arbitrary command execution via 1Panel Termin…
环境变量 NONE READ ✓ 一致 ONEPANEL_API_KEY, ONEPANEL_HOST, ONEPANEL_PORT, ONEPANEL_PROTOCOL read from env
技能调用 READ READ ✓ 一致 SKILL.md defines CLI commands
数据库 NONE WRITE ✗ 越权 src/api/database.ts — create/delete/operate databases, not declared in SKILL.md
浏览器 NONE NONE No browser access found
剪贴板 NONE NONE No clipboard access found
1 严重 1 高危 7 项发现
💀
严重 危险命令 危险 Shell 命令
rm -rf ~
OPENCLAW_INSTALL.md:175
🔑
高危 API 密钥 疑似硬编码凭证
API_KEY="your-1panel-api-key"
OPENCLAW_INSTALL.md:37
🔗
中危 外部 URL 外部 URL
https://img.shields.io/npm/v/1panel-skill.svg
README.md:3
🔗
中危 外部 URL 外部 URL
https://www.npmjs.com/package/1panel-skill
README.md:3
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:4
🔗
中危 外部 URL 外部 URL
https://opensource.org/licenses/MIT
README.md:4
🔗
中危 外部 URL 外部 URL
https://1panel.cn/
README.md:390

目录结构

89 文件 · 274.5 KB · 7826 行
TypeScript 75f · 5671L Markdown 7f · 1320L Python 3f · 476L JavaScript 2f · 286L JSON 2f · 73L
├─ 📁 scripts
│ ├─ 📜 1panel.mjs JavaScript 129L · 4.0 KB
│ ├─ 🐍 generate_all_apis_fixed.py Python 156L · 5.1 KB
│ ├─ 🐍 generate_all_apis.py Python 180L · 6.0 KB
│ ├─ 🐍 generate_apis.py Python 140L · 4.6 KB
│ └─ 📜 generate-api.cjs JavaScript 157L · 4.1 KB
├─ 📁 src
│ ├─ 📁 api
│ │ ├─ 📜 ai.ts TypeScript 222L · 6.7 KB
│ │ ├─ 📜 apps.ts TypeScript 164L · 4.8 KB
│ │ ├─ 📜 backup.ts TypeScript 19L · 529 B
│ │ ├─ 📜 backupaccount.ts TypeScript 137L · 3.9 KB
│ │ ├─ 📜 base.ts TypeScript 39L · 1.1 KB
│ │ ├─ 📜 clam.ts TypeScript 76L · 2.1 KB
│ │ ├─ 📜 composes.ts TypeScript 43L · 1.3 KB
│ │ ├─ 📜 container.ts TypeScript 101L · 2.9 KB
│ │ ├─ 📜 cronjobs.ts TypeScript 96L · 2.6 KB
│ │ ├─ 📜 dashboard.ts TypeScript 92L · 2.6 KB
│ │ ├─ 📜 database.ts TypeScript 227L · 6.8 KB
│ │ ├─ 📜 device.ts TypeScript 60L · 1.6 KB
│ │ ├─ 📜 disk.ts TypeScript 52L · 1.0 KB
│ │ ├─ 📜 fail2ban.ts TypeScript 80L · 1.9 KB
│ │ ├─ 📜 file.ts TypeScript 241L · 4.9 KB
│ │ ├─ 📜 files.ts TypeScript 277L · 7.1 KB
│ │ ├─ 📜 firewall.ts TypeScript 91L · 2.7 KB
│ │ ├─ 📜 ftp.ts TypeScript 93L · 1.9 KB
│ │ ├─ 📜 gpu.ts TypeScript 17L · 386 B
│ │ ├─ 📜 host.ts TypeScript 166L · 4.1 KB
│ │ ├─ 📜 images.ts TypeScript 43L · 1.3 KB
│ │ ├─ 📜 index.ts TypeScript 60L · 1.7 KB
│ │ ├─ 📜 logs.ts TypeScript 44L · 1.2 KB
│ │ ├─ 📜 monitor.ts TypeScript 44L · 1.1 KB
│ │ ├─ 📜 networks.ts TypeScript 19L · 545 B
│ │ ├─ 📜 node.ts TypeScript 24L · 610 B
│ │ ├─ 📜 ollama.ts TypeScript 52L · 1.1 KB
│ │ ├─ 📜 openresty.ts TypeScript 59L · 1.3 KB
│ │ ├─ 📜 php.ts TypeScript 66L · 1.7 KB
│ │ ├─ 📜 process.ts TypeScript 52L · 1.4 KB
│ │ ├─ 📜 recyclebin.ts TypeScript 31L · 677 B
│ │ ├─ 📜 runtime.ts TypeScript 171L · 5.0 KB
│ │ ├─ 📜 settings.ts TypeScript 291L · 8.2 KB
│ │ ├─ 📜 snapshot.ts TypeScript 71L · 2.0 KB
│ │ ├─ 📜 ssh.ts TypeScript 96L · 2.6 KB
│ │ ├─ 📜 system.ts TypeScript 11L · 278 B
│ │ ├─ 📜 task.ts TypeScript 17L · 388 B
│ │ ├─ 📜 terminal.ts TypeScript 21L · 586 B
│ │ ├─ 📜 volumes.ts TypeScript 19L · 513 B
│ │ └─ 📜 website.ts TypeScript 528L · 14.8 KB
│ ├─ 📁 tools
│ │ ├─ 📜 ai.ts TypeScript 69L · 7.5 KB
│ │ ├─ 📜 app.ts TypeScript 18L · 1.1 KB
│ │ ├─ 📜 backup.ts TypeScript 31L · 3.3 KB
│ │ ├─ 📜 clam.ts TypeScript 30L · 2.6 KB
│ │ ├─ 📜 compose.ts TypeScript 28L · 2.4 KB
│ │ ├─ 📜 container.ts TypeScript 54L · 5.6 KB
│ │ ├─ 📜 cronjob.ts TypeScript 14L · 785 B
│ │ ├─ 📜 database.ts TypeScript 54L · 6.8 KB
│ │ ├─ 📜 device.ts TypeScript 22L · 1.8 KB
│ │ ├─ 📜 disk.ts TypeScript 18L · 1.3 KB
│ │ ├─ 📜 fail2ban.ts TypeScript 22L · 2.0 KB
│ │ ├─ 📜 file.ts TypeScript 44L · 5.0 KB
│ │ ├─ 📜 firewall.ts TypeScript 14L · 859 B
│ │ ├─ 📜 ftp.ts TypeScript 24L · 2.0 KB
│ │ ├─ 📜 gpu.ts TypeScript 12L · 599 B
│ │ ├─ 📜 host.ts TypeScript 48L · 5.3 KB
│ │ ├─ 📜 image.ts TypeScript 28L · 2.3 KB
│ │ ├─ 📜 index.ts TypeScript 30L · 879 B
│ │ ├─ 📜 network.ts TypeScript 14L · 830 B
│ │ ├─ 📜 node.ts TypeScript 14L · 1022 B
│ │ ├─ 📜 ollama.ts TypeScript 22L · 1.8 KB
│ │ ├─ 📜 openresty.ts TypeScript 24L · 2.1 KB
│ │ ├─ 📜 php.ts TypeScript 25L · 2.6 KB
│ │ ├─ 📜 recyclebin.ts TypeScript 16L · 1002 B
│ │ ├─ 📜 runtime.ts TypeScript 14L · 1006 B
│ │ ├─ 📜 snapshot.ts TypeScript 24L · 2.3 KB
│ │ ├─ 📜 system.ts TypeScript 46L · 4.1 KB
│ │ ├─ 📜 task.ts TypeScript 12L · 540 B
│ │ ├─ 📜 volume.ts TypeScript 14L · 774 B
│ │ └─ 📜 website.ts TypeScript 56L · 6.5 KB
│ ├─ 📁 types
│ │ └─ 📜 config.ts TypeScript 6L · 107 B
│ ├─ 📁 utils
│ │ └─ 📜 auth.ts TypeScript 9L · 316 B
│ ├─ 📜 client-advanced.ts TypeScript 393L · 15.9 KB
│ ├─ 📜 client.ts TypeScript 393L · 15.9 KB
│ └─ 📜 index.ts TypeScript 17L · 371 B
├─ 📝 API_COVERAGE_FINAL.md Markdown 152L · 4.4 KB
├─ 📝 API_COVERAGE_REPORT.md Markdown 197L · 5.8 KB
├─ 📝 IMPLEMENTATION_PLAN.md Markdown 134L · 3.0 KB
├─ 📝 OPENCLAW_INSTALL.md Markdown 176L · 3.5 KB
├─ 📋 package.json JSON 49L · 1.0 KB
├─ 📝 PROGRESS.md Markdown 95L · 2.3 KB
├─ 📝 README.md Markdown 390L · 9.0 KB
├─ 📝 SKILL.md Markdown 176L · 4.0 KB
└─ 📋 tsconfig.json JSON 24L · 619 B

依赖分析 3 项

包名版本来源已知漏洞备注
@types/node ^20.19.37 npm Version not pinned, uses caret range
typescript ^5.9.3 npm Version not pinned, uses caret range
none (runtime) N/A npm Zero runtime dependencies — only Node.js standard library used

安全亮点

✓ No direct shell execution on the host machine — all operations route through the 1Panel REST API
✓ No obfuscation, base64-encoded payloads, or anti-analysis techniques detected
✓ No credential harvesting beyond the ONEPANEL_API_KEY which is necessary for the service
✓ No external network exfiltration or C2 communication — all requests target the configured 1Panel server
✓ No reverse shell, backdoor, or persistence mechanisms found in the codebase
✓ No hidden instructions in HTML comments or other steganographic patterns
✓ Clean auth implementation using MD5(token,timestamp) signature, matching 1Panel's expected protocol
✓ No malicious dependencies — package.json has zero runtime dependencies, only TypeScript dev tooling
✓ No npm scripts that execute remote content (no curl|bash, wget|sh patterns)
✓ Codebase is a well-structured TypeScript library, consistent with a legitimate API client