Trusted — Risk score 10/100
Last scan: 1 day ago
barney
Operate an already-open Hinge session in the browser or on iPhone to review profiles, triage the queue, analyze matches, draft respectful openers or replies, and execute explicit like, reply, or rose actions
Legitimate dating-app automation skill with benign code; the pre-flagged base64 IOC is a false positive (Appium screenshot API pattern), and credential reading is local-only for OpenAI API authentication with no exfiltration.
Skill name: barney
Analysis time: 58.9s
Engine: pi
Verdict: safe to install
No action required. The skill is safe to use. Minor improvement: add explicit permission declarations to SKILL.md.

Security findings (2)

Severity | Finding | Location

[Low] SKILL.md missing explicit permission declarations (category: documentation mismatch)
The SKILL.md frontmatter declares no allowed-tools, yet the scripts require filesystem WRITE (for queue, logs, screenshots), shell WRITE (spawnSync subprocess), and network access to external APIs. While all usage is legitimate, this creates a doc-to-code mismatch.
Evidence: no allowed-tools declaration in frontmatter
→ Add an allowed-tools declaration to the SKILL.md frontmatter documenting filesystem:WRITE, network:READ, shell:WRITE, environment:READ permissions.
Location: SKILL.md:1

[Info] API key loaded from multiple config sources (category: sensitive access)
hinge-ai.js, hinge-agent-daemon.js, and discover-autopilot.js all read OpenAI API keys from process.env, the preference config, and openclaw.json (up to 3 directories up). The key is set to process.env.OPENAI_API_KEY and used only for local OpenAI API calls. No exfiltration observed.
Evidence: if (key && !process.env.OPENAI_API_KEY) { process.env.OPENAI_API_KEY = key; }
→ No action needed — this is a standard API key propagation pattern for Node.js tools. Ensure openclaw.json is not committed to version control.
Location: scripts/hinge-ai.js:261
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✓ Consistent | Multiple scripts write JSON/markdown logs, queue files, screenshots
Network access | NONE | READ | ✓ Consistent | Appium REST API, OpenAI API, Rizz API
Command execution | NONE | WRITE | ✓ Consistent | spawnSync in hinge-ai.js:234, hinge-agent-daemon.js, discover-autopilot.js
Environment variables | NONE | READ | ✓ Consistent | OPENAI_API_KEY, APPIUM_* env vars read
Skill invocation | NONE | WRITE | ✓ Consistent | Scripts spawn each other via node subprocess
Pre-flagged indicators: 1 critical · 8 findings

[Critical] Encoded execution: Base64 encoded execution (code obfuscation)
Buffer.from(result.value, 'base64'
clawhub-upload/barney/scripts/appium-ios.js:175

[Medium] External URL
https://www.lovepanky.com/flirting-flings/naughty-affairs/flirty-text-examples
clawhub-upload/barney/references/rizz-style-notes.md:20

[Medium] External URL
https://www.thecut.com/article/how-to-text-flirt-examples-advice.html
clawhub-upload/barney/references/rizz-style-notes.md:21

[Medium] External URL
https://www.wikihow.com/Examples-of-Rizz-Lines
clawhub-upload/barney/references/rizz-style-notes.md:22

[Medium] External URL
https://www.wikihow.com/How-to-Rizz-a-Girl-over-Text
clawhub-upload/barney/references/rizz-style-notes.md:23

[Medium] External URL
http://127.0.0.1:4723
clawhub-upload/barney/scripts/appium-ios.js:19

[Medium] External URL
http://127.0.0.1:4725
clawhub-upload/barney/scripts/discover-autopilot.js:207

[Medium] External URL
https://rizzapi.vercel.app
clawhub-upload/barney/scripts/hinge-ai.js:1940

Directory structure

34 files · 572.3 KB · 17522 lines
JavaScript 16 files · 16602 lines; Markdown 8 files · 830 lines; Shell 2 files · 70 lines; YAML 2 files · 12 lines; JSON 2 files · 8 lines
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 6L · 342 B
├─ 📁 assets
│ ├─ 📦 barney-large.svg 1.1 KB
│ └─ 📦 barney-small.svg 1.0 KB
├─ 📁 clawhub-upload
│ └─ 📁 barney
│ ├─ 📁 agents
│ │ └─ 📋 openai.yaml YAML 6L · 342 B
│ ├─ 📁 assets
│ │ ├─ 📦 barney-large.svg 1.1 KB
│ │ └─ 📦 barney-small.svg 1.0 KB
│ ├─ 📁 references
│ │ ├─ 📝 ios-access.md Markdown 70L · 2.9 KB
│ │ └─ 📝 rizz-style-notes.md Markdown 23L · 894 B
│ ├─ 📁 scripts
│ │ ├─ 📜 appium-ios.js JavaScript 247L · 8.8 KB
│ │ ├─ 📜 discover-autopilot.js JavaScript 2310L · 76.9 KB
│ │ ├─ 📜 hinge-agent-daemon.js JavaScript 1139L · 32.9 KB
│ │ ├─ 📜 hinge-ai.js JavaScript 2080L · 70.9 KB
│ │ ├─ 📜 hinge-ios.js JavaScript 1795L · 56.9 KB
│ │ ├─ 📜 onboarding.js JavaScript 159L · 5.3 KB
│ │ ├─ 🔧 package-skill.sh Shell 35L · 792 B
│ │ ├─ 📜 queue.js JavaScript 159L · 4.1 KB
│ │ └─ 📜 session-utils.js JavaScript 412L · 11.6 KB
│ ├─ 📋 _meta.json JSON 4L · 45 B
│ ├─ 📝 LICENSE.md Markdown 7L · 921 B
│ └─ 📝 SKILL.md Markdown 315L · 10.8 KB
├─ 📁 references
│ ├─ 📝 ios-access.md Markdown 70L · 2.9 KB
│ └─ 📝 rizz-style-notes.md Markdown 23L · 894 B
├─ 📁 scripts
│ ├─ 📜 appium-ios.js JavaScript 247L · 8.8 KB
│ ├─ 📜 discover-autopilot.js JavaScript 2310L · 76.9 KB
│ ├─ 📜 hinge-agent-daemon.js JavaScript 1139L · 32.9 KB
│ ├─ 📜 hinge-ai.js JavaScript 2080L · 70.9 KB
│ ├─ 📜 hinge-ios.js JavaScript 1795L · 56.9 KB
│ ├─ 📜 onboarding.js JavaScript 159L · 5.3 KB
│ ├─ 🔧 package-skill.sh Shell 35L · 792 B
│ ├─ 📜 queue.js JavaScript 159L · 4.1 KB
│ └─ 📜 session-utils.js JavaScript 412L · 11.6 KB
├─ 📋 _meta.json JSON 4L · 45 B
├─ 📝 LICENSE.md Markdown 7L · 921 B
└─ 📝 SKILL.md Markdown 315L · 10.8 KB

Security highlights

✓ No malicious IOCs found — the pre-flagged base64 IOC is a false positive (standard Appium screenshot API)
✓ No credential exfiltration — API keys are read locally and used only for OpenAI API calls
✓ No reverse shell, C2, or data theft behavior
✓ No curl|bash or wget|sh remote script execution
✓ No eval() with base64 or obfuscated code execution
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ All subprocess invocation is to bundled scripts, not arbitrary user input
✓ Shell script packaging uses rsync with explicit exclusions (no arbitrary download)
✓ External URLs are all expected API endpoints (Appium localhost, OpenAI, Rizz API)
✓ Detailed documentation covers all major capabilities and boundaries