omniclaw 安全扫描报告 — 低风险 | ClawSafe

20 /100

omniclaw

AI agent payment skill for x402 protocol payments, USDC transfers, and Circle Gateway nanopayments

OmniClaw is a legitimate payment processing skill for AI agents that handles x402 protocol payments and USDC transfers. The documentation is thorough, capabilities are clearly declared, and no hidden malicious behavior was identified.

技能名称omniclaw

分析耗时34.0s

引擎pi

✓

可以安装

This skill can be used safely. Ensure the OMNICLAW_TOKEN is properly secured and only grant this skill to agents that need payment capabilities.

安全发现 3 项

严重性	安全发现	位置
中危	Command execution capability in serve feature The omniclaw-cli serve --exec command allows arbitrary command execution, which could be abused if the skill is granted broadly. However, this is documented and intentional for the paid-service hosting feature. `--exec "python3 ./my_service.py"` → Limit grant of this skill to agents that specifically need to host paid services. Consider separating the payer and host capabilities.	`SKILL.md:239`
低危	Token handling requires strict security The OMNICLAW_TOKEN is a scoped agent token that must never be printed, logged, or transmitted. While the docs clearly warn about this, improper handling could lead to token exposure. `Never print, log, or transmit this value` → Ensure the runtime environment handles OMNICLAW_TOKEN as a sensitive secret, similar to API keys.	`SKILL.md:10`
低危	Server URL is user-configurable The server-url is provided by the owner at session start, meaning network traffic could go to any HTTPS endpoint. No hardcoded trusted endpoints. `--server-url <OMNICLAW_SERVER_URL>` → Verify the server URL before granting the skill to ensure it points to a legitimate OmniClaw server.	`SKILL.md:31`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md:185 '--output ./result.json' saves payment responses to files
网络访问	`READ`	`WRITE`	✓ 一致	SKILL.md:44 'omniclaw-cli pay' makes HTTP requests to pay for services; SKILL.md…
命令执行	`NONE`	`WRITE`	✓ 一致	SKILL.md:239 '--exec "python3 ./my_service.py"' allows arbitrary command executi…
环境变量	`READ`	`READ`	✓ 一致	SKILL.md:10 'env: OMNICLAW_TOKEN' and SKILL.md:249 'OMNICLAW_PAYER_ADDRESS, OMNI…
技能调用	`NONE`	`NONE`	—	No nested skill invocations declared or detected
剪贴板	`NONE`	`NONE`	—	No clipboard access documented
浏览器	`NONE`	`NONE`	—	No browser automation documented
数据库	`NONE`	`NONE`	—	No direct database access documented

4 项发现

🔗

中危外部 URL 外部 URL

https://api.omniclaw.com

SKILL.md:46

🔗

中危外部 URL 外部 URL

https://service.example.com/data/query

SKILL.md:117

🔗

中危外部 URL 外部 URL

https://service.example.com/inference/run

SKILL.md:122

💰

中危钱包地址加密货币钱包地址

0x742d35Cc6634C0532925a3b844Bc9e7595f5e4a0

SKILL.md:160

目录结构

1 文件 · 11.4 KB · 422 行

Markdown 1f · 422L

└─ 📝 SKILL.md Markdown 422L · 11.4 KB

安全亮点

✓ Documentation is comprehensive and clearly defines boundaries of what the skill can and cannot do

✓ Clear error handling guidance with explicit 'stop and notify owner' instructions for failures

✓ Token security warnings are prominent and explicit (Rule 5)

✓ Idempotency key requirement prevents accidental double-charging

✓ Dry-run capability allows testing payments before execution

✓ Guards and whitelists are mentioned as owner-only controls

✓ No base64 encoding, obfuscation, or hidden instructions detected

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files

✓ No credential harvesting behavior observed

✓ No curl|bash or wget|sh remote script execution patterns