Skill Trust Decision
asoul-support
硬编码外部通信目标(Discord用户ID)且通过subprocess调用外部工具发送数据,但通知内容仅限开播状态,无凭证外泄证据,意图不明。
Most direct threat evidence
01
用户安装 asoul-support skill(伪装成粉丝应援工具) Entry · SKILL.md
02
subprocess 调用 openclaw CLI 向硬编码的 Discord 用户发送通知 Escalation · scripts/heartbeat.py
03
开播/下播状态通知发送到外部 Discord(当前仅状态信息,无敏感数据) Impact · scripts/heartbeat.py
Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 3 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
01
用户安装 asoul-support skill(伪装成粉丝应援工具)
Entry · SKILL.md:1
02
subprocess 调用 openclaw CLI 向硬编码的 Discord 用户发送通知
Escalation · scripts/heartbeat.py:21
03
开播/下播状态通知发送到外部 Discord(当前仅状态信息,无敏感数据)
Impact · scripts/heartbeat.py:21
What drove the risk score up
硬编码 Discord 用户 ID 进行外部通信 +20
heartbeat.py:18 硬编码 _DISCORD_TARGET = 'user:1479415368249507881',通过 subprocess 调用 openclaw CLI 发送通知
subprocess 调用外部工具 +15
heartbeat.py:21-27 使用 subprocess.run 调用 openclaw message send,绕过标准 allowed-tools 映射
写入用户主目录日志 +10
写入 ~/.openclaw/logs/asoul_activity.jsonl,虽属声明范围但需关注数据收集范围
Most important evidence
High Priv Escalation
通过 subprocess 调用外部工具(未声明权限)
heartbeat.py 使用 subprocess.run 调用 openclaw CLI 发送 Discord 通知,SKILL.md 未声明 shell 执行或外部工具调用能力。subprocess 属于 shell:WRITE 级别,但未在文档中声明。
scripts/heartbeat.py:21 移除 subprocess 调用,改用平台提供的安全通信方式,或在 SKILL.md 中明确声明 shell:WRITE 权限及外部工具调用能力。
High Data Exfil
硬编码外部通信目标(Discord 用户 ID)
_DISCORD_TARGET 硬编码为 'user:1479415368249507881',将开播状态通知发送到指定 Discord 用户。虽然当前通知内容仅为开播状态(无凭证),但存在通过通知渠道外传数据的潜在风险。
scripts/heartbeat.py:18 移除硬编码目标,改为通过 skill 配置接收通知渠道,或完全移除 Discord 通知功能。
Medium Doc Mismatch
Discord 通知功能未在文档中声明
SKILL.md 中未提及 Discord 通知功能,用户无法得知工具会在开播时下播时向外部 Discord 用户发送消息。
SKILL.md:1 在 SKILL.md 中明确说明是否发送外部通知、通知内容及目标。
Medium Sensitive Access
写入用户主目录日志文件
活动日志写入 ~/.openclaw/logs/asoul_activity.jsonl,包含开播检测记录、挂机时长等数据。虽然用于汇总报告,但收集了用户活跃时段等行为数据。
scripts/heartbeat.py:39 明确告知用户日志收集范围,或提供关闭日志选项。
Low Supply Chain
零外部依赖声明与实际一致
SKILL.md 声明「零外部依赖,纯标准库」,代码审查确认所有脚本仅使用 Python 标准库,无第三方依赖引入。
SKILL.md:1 保持现状,无风险。
Declared capability vs actual capability
Filesystem Pass
Declared WRITE
→ Inferred WRITE
SKILL.md:各脚本读写 .cookies.json、写入日志 Network Pass
Declared READ
→ Inferred WRITE
SKILL.md:调用B站API发帖弹幕、心跳 Shell Block
Declared NONE
→ Inferred WRITE
heartbeat.py:21 subprocess.run(["openclaw", "message", "send", ...]) Environment Pass
Declared NONE
→ Inferred READ
通过 os.environ 访问 Cookie(间接通过文件) Clipboard Pass
Declared NONE
→ Inferred NONE
无剪贴板访问 Suspicious artifacts and egress
High IP Address
131.0.0.0 scripts/checkin.py:18
Medium External URL
https://openclaw.ai PROMO.md:5
Medium External URL
https://docs.openclaw.ai PROMO.md:17
Medium External URL
https://www.bilibili.com PROMO.md:27
Medium External URL
https://www.bilibili.com」 PROMO_XHS.txt:44
Medium External URL
https://api.live.bilibili.com/msg/send scripts/checkin.py:19
Medium External URL
https://api.live.bilibili.com/room/v1/Room/get_status_info_by_uids scripts/checkin.py:81
Medium External URL
https://live.bilibili.com scripts/checkin.py:86
Medium External URL
https://api.live.bilibili.com/xlive/app-ucenter/v1/fansMedal/panel?page= scripts/checkin.py:138
Medium External URL
https://api.live.bilibili.com/xlive/web-room/v1/fansMedal/wear scripts/checkin.py:175
Medium External URL
https://live.bilibili.com/ scripts/checkin.py:211
Medium External URL
https://space.bilibili.com/ scripts/dynamics.py:123
Dependencies and supply chain
There are no structured dependency warnings.
File composition
13 files · 2739 lines
Python 5 files · 2061 linesMarkdown 5 files · 435 linesText 2 files · 238 linesJSON 1 files · 5 lines
Files of concern · 7
scripts/heartbeat.py 通过 subprocess 调用外部工具(未声明权限) · 硬编码外部通信目标(Discord 用户 ID) · 写入用户主目录日志文件 · https://api.live.bilibili.com/room/v1/Room/get_info?room_id= · https://api.live.bilibili.com/xlive/web-room/v1/index/roomEntryAction · https://live-trace.bilibili.com/xlive/data-interface/v1/heartbeat/mobileHeartBeat · https://api.live.bilibili.com/User/userOnlineHeart · [email protected]
scripts/videos.py https://api.bilibili.com/x/web-interface/nav · https://api.bilibili.com/x/space/wbi/arc/search? · https://api.bilibili.com/x/web-interface/archive/like · https://api.bilibili.com/x/web-interface/coin/add · https://api.bilibili.com/x/v3/fav/resource/deal · https://api.bilibili.com/x/v3/fav/folder/created/list-all?up_mid= · https://www.bilibili.com/video/
scripts/checkin.py 131.0.0.0 · https://api.live.bilibili.com/msg/send · https://api.live.bilibili.com/room/v1/Room/get_status_info_by_uids · https://live.bilibili.com · https://api.live.bilibili.com/xlive/app-ucenter/v1/fansMedal/panel?page= · https://api.live.bilibili.com/xlive/web-room/v1/fansMedal/wear · https://live.bilibili.com/
scripts/dynamics.py https://space.bilibili.com/ · https://api.bilibili.com/x/polymer/web-dynamic/v1/feed/space?host_mid= · https://api.vc.bilibili.com/dynamic_like/v1/dynamic_like/thumb · https://t.bilibili.com · https://t.bilibili.com/
PROMO_XHS.txt https://www.bilibili.com」
SKILL.md Discord 通知功能未在文档中声明 · 零外部依赖声明与实际一致
PROMO.md https://openclaw.ai · https://docs.openclaw.ai · https://www.bilibili.com
Other files · daily_summary.py · persona.md · README.md · text2speech.md · PROMO_XHS_V4.txt
Security positives
零外部依赖,仅使用 Python 标准库,供应链风险极低
文档描述与代码行为基本一致,无明显阴影功能
Cookie 存储使用 0o600 权限保护
无 Base64 编码执行、eval() 等危险模式
所有 B站 API 调用均为官方接口,无可疑网络请求
无凭证收割、敏感路径遍历等恶意行为