Low risk: risk score 25/100
Last scanned: 2 days ago
community-os
Simple Telegram Bot management with LLM and knowledge base
A legitimate Telegram bot management skill with minor security flaws (authentication bypass, unpinned dependencies) but no malicious behavior detected.
Skill name: community-os
Analysis time: 64.8s
Engine: pi
Can be installed
Fix the require_auth() bypass in admin/app.py, pin dependency versions, and add SSRF protection for broadcast API endpoints before production use.

Security findings: 5

Severity | Finding | Location
High
Authentication Bypass
The require_auth() function in admin/app.py:278 always returns 'admin' without performing any actual authentication check. This bypasses all protected API endpoints.
def require_auth(request: Request) -> str:
    # Skip login verification and return the default user directly
    return "admin"
→ Implement proper session validation using validate_session() function that already exists in the codebase.
admin/app.py:278
Medium
Missing LLM Provider Modules
bot_instance.py imports from 'llm.claude_code' and 'llm.apiyi' modules that don't exist in the codebase. These imports would fail at runtime.
from .llm.claude_code import ClaudeCodeLLM
→ Implement the missing LLM provider modules or remove unused imports.
bot_engine/bot_instance.py:35
Medium
SSRF Risk in Broadcast Feature
The get_broadcast_content() method fetches content from user-configured API endpoints without validation. An attacker with admin access could target internal services.
resp = requests.get(api_endpoint, timeout=10)
→ Add URL validation to prevent requests to private IP ranges (127.0.0.1, 10.0.0.0/8, 192.168.0.0/16, etc.).
bot_engine/bot_instance.py:223
Low
Unpinned Dependencies
requirements.txt contains packages without version constraints, which could lead to supply chain vulnerabilities.
requests==2.31.0
→ Pin all dependencies to specific versions for reproducible and secure builds.
requirements.txt:1
Low
Missing Harness Integration
bot_instance.py attempts to import GovernanceEngine from 'harness.core', but this module is not part of the skill package and would fail if harness is not installed.
from harness.core import GovernanceEngine
→ Document harness as a required dependency or implement graceful fallback.
bot_engine/bot_instance.py:23
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Consistent | SKILL.md describes knowledge base upload and config management
Network access | READ | READ | ✓ Consistent | Telegram API calls in admin/app.py, broadcast API fetch in bot_instance.py
Command execution | NONE | NONE | | No subprocess, os.system, exec, or eval found
Environment variables | READ | READ | ✓ Consistent | .env loading in admin/app.py:22-30 for API keys
Skill invocation | NONE | NONE | | No skill invocation observed
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | READ | READ | ✓ Consistent | ChromaDB for vector search, JSON files for config storage
5 findings
Medium: External URL
https://api.example.com/news
admin/app.py:142
Medium: External URL
https://feeds.example.com/web3
admin/app.py:164
Medium: External URL
https://api.telegram.org/bot
admin/app.py:463
Medium: External URL
https://your-domain/api/telegram/webhook/
admin/app.py:1169
Medium: External URL
https://api.example.com/v1
admin/lite.html:161

Directory structure

11 files · 104.8 KB · 2577 lines
Python 5f · 1818L HTML 1f · 492L JSON 2f · 139L Markdown 2f · 121L Text 1f · 7L
├─ 📁 admin
│ ├─ 🐍 app.py Python 1281L · 58.0 KB
│ └─ 📄 lite.html HTML 492L · 19.7 KB
├─ 📁 bot_engine
│ ├─ 🐍 __init__.py Python 1L · 25 B
│ ├─ 🐍 bot_instance.py Python 311L · 11.5 KB
│ ├─ 🐍 config_parser.py Python 63L · 2.3 KB
│ └─ 🐍 manager.py Python 162L · 6.3 KB
├─ 📁 config
│ └─ 📋 openclaw.json JSON 131L · 3.7 KB
├─ 📋 _meta.json JSON 8L · 262 B
├─ 📝 README.md Markdown 69L · 1.6 KB
├─ 📄 requirements.txt Text 7L · 129 B
└─ 📝 SKILL.md Markdown 52L · 1.3 KB

Dependency analysis: 8 items

Package | Version | Source | Known vulnerabilities | Notes
fastapi | 0.109.0 | pip | | Pinned
uvicorn | 0.27.0 | pip | | Pinned with extras
python-multipart | 0.0.6 | pip | | Pinned
requests | 2.31.0 | pip | | Pinned
pyyaml | 6.0.1 | pip | | Pinned
chromadb | 0.4.22 | pip | | Pinned
jinja2 | 3.1.3 | pip | | Pinned
httpx | * | imported | | Used in app.py but not in requirements.txt - imported directly

Security highlights

✓ No shell execution or command injection vectors found
✓ No base64 decode + exec patterns detected
✓ No credential exfiltration to external servers
✓ API keys stored in environment variables, not hardcoded
✓ File upload restricted to allowlisted extensions (.md, .txt, .pdf, .docx, .pptx, .xlsx, .csv, .pages)
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ Session tokens use cryptographically secure secrets.token_urlsafe()
✓ No hidden functionality - behavior matches SKILL.md description