Skill Trust Decision

birth-system-manager

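Declared and actual behavior are severely mismatched: SKILL.md promises not to show the private key, but decrypt-wallet.js prints the private key in plaintext to stdout, and generate-birth-id.js writes the private key to disk in plaintext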

Install decision first Source: ClawHub Scanned: Apr 10, 2026
Files 10
Artifacts 2
Violations 2
Findings 7
Most direct threat evidence
Critical Doc Mismatch
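Documentation promises not to show the private key, but the code prints it in plaintext

SKILL.md explicitly states 'Return ONLY wallet address and success message, NEVER show full private key', but lines 69-70 of decrypt-wallet.js print the decrypted private key directly to stdout via console.log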

decrypt-wallet.js:69

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

2 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issues need attention.

Attack Chain

01
The attacker relies on the SKILL.md documentation for the skill to be judged a legitimate identity system tool

Entry · SKILL.md:1

02
The user runs the 'decrypt wallet' command

Escalation · decrypt-wallet.js:1

03
The private key is printed in plaintext to stdout and intercepted by the attacker

Impact · decrypt-wallet.js:69

04
Once the attacker has the Ethereum wallet private key, they can fully control the wallet's assets

Impact · decrypt-wallet.js:70

What drove the risk score up

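Documentation fraud - promise about private key disclosure +30

SKILL.md states 'NEVER show full private key', but decrypt-wallet.js:69-70 prints the private key in plaintext to stdout

Sensitive data stored in plaintext +25

generate-birth-id.js:51 writes wallet.privateKey in plaintext to ~/.openclaw/birth-info.json

Weak default password +8

pack.js:21 uses 'default-secret-password' as the default encryption password when no password is set

Credential file access +5

All scripts access ~/.openclaw/birth-info.json, which contains sensitive credentials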

Most important evidence

Critical Doc Mismatch

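Documentation promises not to show the private key, but the code prints it in plaintext

SKILL.md explicitly states 'Return ONLY wallet address and success message, NEVER show full private key', but lines 69-70 of decrypt-wallet.js print the decrypted private key directly to stdout via console.log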

decrypt-wallet.js:69
Remove the private key output on lines 69-70 and keep only the wallet.address output
Critical Credential Theft

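Private key written to disk in plaintext

Line 51 of generate-birth-id.js saves wallet.privateKey in plaintext to the ~/.openclaw/birth-info.json file; anyone who can access that file can obtain the wallet private key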

generate-birth-id.js:51
Use encrypted storage instead of plaintext storage, e.g. encrypt with ethers.Wallet.encrypt() and store encrypted_private_key
High Doc Mismatch

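Improper handling in private key decryption logic

clone-init.js and fix-clone.js have a logic flaw when handling encrypted_private_key: if decryption fails, they fall back to the original signature instead of raising a proper error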

clone-init.js:95
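On decryption failure, raise an explicit error rather than silently falling back, so users are not misled into thinking the signature is valid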
Medium Supply Chain

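Dependency has no version pinning

The code uses the ethers library, but no package.json specifies a version, which creates a dependency-poisoning risk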

unknown
Create a package.json and pin the ethers version, e.g. ethers@^6.0.0
Medium Credential Theft

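Weak default encryption password

pack.js line 21 uses 'default-secret-password' as the default packing password; if the user has not set BIRTH_PACK_PASSWORD, the backup wallet is encrypted with a weak password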

pack.js:21
When no password is set, require the user to enter one; do not use a default password
Low Sensitive Access

Collects system fingerprint information

pack.js lines 138-141 record system information such as hostname, platform, arch and node_version in the clone marker

pack.js:138
If it is not required functionality, remove the system fingerprint collection
Low Sensitive Access

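Accesses system environment variables

Scripts access environment variables such as process.env.HOME and process.env.IS_CLONE; this is normal functionality, but the risk of leaking sensitive environment variables should be kept in mind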

clone-init.js:14
Ensure the environment variables of the runtime environment are secure

Declared capability vs actual capability

Filesystem Block
Declared READ
Inferred WRITE
generate-birth-id.js:51 writes the private key to birth-info.json
Shell Block
Declared NONE
Inferred READ
unpack.js:69 uses execSync to run the tar command
Network Pass
Declared NONE
Inferred NONE
No script makes network calls

Suspicious artifacts and egress

Medium Wallet Address
0xF80042413226cf4a5F1b7de458Cf0EEd19237662

fix-clone.js:30

Medium External URL
https://docs.openclaw.ai

pack.js:272

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
ethers | * | unknown | No | No package.json pins the version

File composition

10 files · 1685 lines
JavaScript 7 files · 1488 lines
Markdown 2 files · 192 lines
JSON 1 file · 5 lines
Files of concern · 5
pack.js JavaScript · 395 lines
Weak default encryption password · Collects system fingerprint information · https://docs.openclaw.ai
fix-clone.js JavaScript · 259 lines
0xF80042413226cf4a5F1b7de458Cf0EEd19237662
clone-init.js JavaScript · 226 lines
Improper handling in private key decryption logic · Accesses system environment variables
generate-birth-id.js JavaScript · 164 lines
Private key written to disk in plaintext
decrypt-wallet.js JavaScript · 103 lines
Documentation promises not to show the private key, but the code prints it in plaintext
Other files · whoami.js · unpack.js · README.md · SKILL.md · _meta.json

Security positives

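The claimed local-only operation with no network calls is consistent with the code
Uses AES-256-CBC for encryption (compliant at the algorithm level)
Uses the scrypt key derivation function (more secure than plain SHA256)
The signature verification mechanism prevents data tampering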