Trusted — Risk Score 10/100
Last scan: 23 hr ago
barney
Operate an already-open Hinge session in the browser or on iPhone to review profiles, triage the queue, analyze matches, draft respectful openers or replies, and execute explicit like, reply, or rose actions
Legitimate dating-app automation skill with benign code; the pre-flagged base64 IOC is a false positive (Appium screenshot API pattern), and credential reading is local-only for OpenAI API authentication with no exfiltration.
Skill Name: barney
Duration: 58.9s
Engine: pi
Safe to install
No action required. The skill is safe to use. Minor improvement: add explicit permission declarations to SKILL.md.

Findings 2 items

Severity | Finding | Category | Location

Low | SKILL.md missing explicit permission declarations | Doc Mismatch | SKILL.md:1
The SKILL.md frontmatter declares no allowed-tools, yet scripts require filesystem WRITE (for queue, logs, screenshots), shell WRITE (spawnSync subprocess), and network access to external APIs. While all usage is legitimate, this creates a doc-to-code mismatch.
Evidence: No allowed-tools declaration in frontmatter
→ Add an allowed-tools declaration to SKILL.md frontmatter documenting filesystem:WRITE, network:READ, shell:WRITE, environment:READ permissions.

Info | API key loaded from multiple config sources | Sensitive Access | scripts/hinge-ai.js:261
hinge-ai.js, hinge-agent-daemon.js, and discover-autopilot.js all read OpenAI API keys from process.env, preference config, and openclaw.json (up to 3 directories up). The key is set to process.env.OPENAI_API_KEY and used only for local OpenAI API calls. No exfiltration observed.
Evidence: if (key && !process.env.OPENAI_API_KEY) { process.env.OPENAI_API_KEY = key; }
→ No action needed — this is a standard API key propagation pattern for Node.js tools. Ensure openclaw.json is not committed to version control.
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✓ Aligned | Multiple scripts write JSON/markdown logs, queue files, screenshots
Network | NONE | READ | ✓ Aligned | Appium REST API, OpenAI API, Rizz API
Shell | NONE | WRITE | ✓ Aligned | spawnSync in hinge-ai.js:234, hinge-agent-daemon.js, discover-autopilot.js
Environment | NONE | READ | ✓ Aligned | OPENAI_API_KEY, APPIUM_* env vars read
Skill Invoke | NONE | WRITE | ✓ Aligned | Scripts spawn each other via node subprocess
Pre-flagged indicators: 8 findings (1 Critical)

Critical | Encoded Execution (Base64 encoded execution / code obfuscation)
  Buffer.from(result.value, 'base64'
  clawhub-upload/barney/scripts/appium-ios.js:175

Medium | External URL
  https://www.lovepanky.com/flirting-flings/naughty-affairs/flirty-text-examples
  clawhub-upload/barney/references/rizz-style-notes.md:20

Medium | External URL
  https://www.thecut.com/article/how-to-text-flirt-examples-advice.html
  clawhub-upload/barney/references/rizz-style-notes.md:21

Medium | External URL
  https://www.wikihow.com/Examples-of-Rizz-Lines
  clawhub-upload/barney/references/rizz-style-notes.md:22

Medium | External URL
  https://www.wikihow.com/How-to-Rizz-a-Girl-over-Text
  clawhub-upload/barney/references/rizz-style-notes.md:23

Medium | External URL
  http://127.0.0.1:4723
  clawhub-upload/barney/scripts/appium-ios.js:19

Medium | External URL
  http://127.0.0.1:4725
  clawhub-upload/barney/scripts/discover-autopilot.js:207

Medium | External URL
  https://rizzapi.vercel.app
  clawhub-upload/barney/scripts/hinge-ai.js:1940

File Tree

34 files · 572.3 KB · 17522 lines
JavaScript 16 files · 16602 lines; Markdown 8 files · 830 lines; Shell 2 files · 70 lines; YAML 2 files · 12 lines; JSON 2 files · 8 lines
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 6L · 342 B
├─ 📁 assets
│ ├─ 📦 barney-large.svg 1.1 KB
│ └─ 📦 barney-small.svg 1.0 KB
├─ 📁 clawhub-upload
│ └─ 📁 barney
│ ├─ 📁 agents
│ │ └─ 📋 openai.yaml YAML 6L · 342 B
│ ├─ 📁 assets
│ │ ├─ 📦 barney-large.svg 1.1 KB
│ │ └─ 📦 barney-small.svg 1.0 KB
│ ├─ 📁 references
│ │ ├─ 📝 ios-access.md Markdown 70L · 2.9 KB
│ │ └─ 📝 rizz-style-notes.md Markdown 23L · 894 B
│ ├─ 📁 scripts
│ │ ├─ 📜 appium-ios.js JavaScript 247L · 8.8 KB
│ │ ├─ 📜 discover-autopilot.js JavaScript 2310L · 76.9 KB
│ │ ├─ 📜 hinge-agent-daemon.js JavaScript 1139L · 32.9 KB
│ │ ├─ 📜 hinge-ai.js JavaScript 2080L · 70.9 KB
│ │ ├─ 📜 hinge-ios.js JavaScript 1795L · 56.9 KB
│ │ ├─ 📜 onboarding.js JavaScript 159L · 5.3 KB
│ │ ├─ 🔧 package-skill.sh Shell 35L · 792 B
│ │ ├─ 📜 queue.js JavaScript 159L · 4.1 KB
│ │ └─ 📜 session-utils.js JavaScript 412L · 11.6 KB
│ ├─ 📋 _meta.json JSON 4L · 45 B
│ ├─ 📝 LICENSE.md Markdown 7L · 921 B
│ └─ 📝 SKILL.md Markdown 315L · 10.8 KB
├─ 📁 references
│ ├─ 📝 ios-access.md Markdown 70L · 2.9 KB
│ └─ 📝 rizz-style-notes.md Markdown 23L · 894 B
├─ 📁 scripts
│ ├─ 📜 appium-ios.js JavaScript 247L · 8.8 KB
│ ├─ 📜 discover-autopilot.js JavaScript 2310L · 76.9 KB
│ ├─ 📜 hinge-agent-daemon.js JavaScript 1139L · 32.9 KB
│ ├─ 📜 hinge-ai.js JavaScript 2080L · 70.9 KB
│ ├─ 📜 hinge-ios.js JavaScript 1795L · 56.9 KB
│ ├─ 📜 onboarding.js JavaScript 159L · 5.3 KB
│ ├─ 🔧 package-skill.sh Shell 35L · 792 B
│ ├─ 📜 queue.js JavaScript 159L · 4.1 KB
│ └─ 📜 session-utils.js JavaScript 412L · 11.6 KB
├─ 📋 _meta.json JSON 4L · 45 B
├─ 📝 LICENSE.md Markdown 7L · 921 B
└─ 📝 SKILL.md Markdown 315L · 10.8 KB

Security Positives

✓ No malicious IOCs found — the pre-flagged base64 IOC is a false positive (standard Appium screenshot API)
✓ No credential exfiltration — API keys are read locally and used only for OpenAI API calls
✓ No reverse shell, C2, or data theft behavior
✓ No curl|bash or wget|sh remote script execution
✓ No eval() with base64 or obfuscated code execution
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ All subprocess invocation is to bundled scripts, not arbitrary user input
✓ Shell script packaging uses rsync with explicit exclusions (no arbitrary download)
✓ External URLs are all expected API endpoints (Appium localhost, OpenAI, Rizz API)
✓ Detailed documentation covers all major capabilities and boundaries