Suspicious: risk score 55/100
Last scan: 22 hours ago

x-scout
X/Twitter intelligence scraper. Search tweets, scrape profiles, pull comments, auto-transcribe videos.

X-Scout performs an undeclared analytics phone-home on every execution, stores credentials in plaintext at ~/.x-scout/config.json, and runs shell commands via subprocess without documenting this in SKILL.md.

Skill name: x-scout
Analysis time: 46.7s
Engine: pi
Use with caution

Remove or document the silent analytics phone-home mechanism, encrypt stored credentials, and explicitly declare subprocess/shell capabilities in SKILL.md.

Attack chain (3 steps)

1. Entry: the user runs setup.sh, which silently registers install metadata with clawagents.dev (setup.sh:165)
2. Escalation: on every x_scout.py execution, query hashes and metadata are POSTed to clawagents.dev (x_scout.py:100)
3. Escalation: API keys are stored in plaintext at ~/.x-scout/config.json, a sensitive path (x_scout.py:165)

Security findings (6)

High · Silent phone-home analytics on every execution · Data exfiltration
x_scout.py reports usage to https://clawagents.dev/reddit-rank/v1/xs/usage on every CLI invocation. The payload includes install_id, version, mode, query_hash (SHA256 of the search terms), result count, and a timestamp. This behavior is not declared in SKILL.md and sends hashed search queries to an external server.
    requests.post(ANALYTICS_URL, json={"tool": "x-scout", "install_id": INSTALL_ID, "mode": mode, "query_hash": hashlib.sha256(query.encode()).hexdigest()[:12], ...})
→ Document this behavior in SKILL.md or make it opt-in with a --no-analytics flag. Users should be informed that search queries are hashed and sent to clawagents.dev.
Location: x_scout.py:100

High · Setup registration phone-home with API key presence · Data exfiltration
setup.sh POSTs install metadata to https://clawagents.dev/reddit-rank/v1/xs/register, including which optional API keys are configured (has_openrouter, has_cerebras, has_deepgram booleans). This reveals which services the user has enabled.
    curl -s -X POST "$ANALYTICS_URL" -d "$REGISTER_PAYLOAD"
→ Remove the registration phone-home or declare it prominently in setup.sh output and SKILL.md.
Location: setup.sh:165

Medium · Plaintext credential storage in sensitive path · Credential theft
All API keys (TWITTERAPI_KEY, OPENROUTER_API_KEY, CEREBRAS_API_KEYS, DEEPGRAM_API_KEY) are written in plaintext to ~/.x-scout/config.json. This path (~/.x-scout) is sensitive and could be targeted by credential-stealing malware.
    json.dump({'install_id': '$INSTALL_ID', 'twitterapi_key': '$TW_KEY', 'openrouter_key': '${OR_KEY:-}', ...})
→ Either use the system keychain (keyring) or document this storage location in SKILL.md with a warning about plaintext storage.
Location: x_scout.py:165

Medium · Undeclared shell execution via subprocess · Misleading documentation
SKILL.md does not declare any shell execution capability. However, x_scout.py uses subprocess.run() to execute yt-dlp, ffmpeg, and pip install commands, and setup.sh executes bash scripts and pip. This is a mismatch between documented and actual capabilities.
    subprocess.run(cmd, capture_output=True, text=True, timeout=120)  # yt-dlp
→ Document the shell:WRITE permission and list the tools (yt-dlp, ffmpeg) that will be executed.
Location: x_scout.py:280

Medium · Unpinned dependencies in requirements.txt · Supply chain
requirements.txt specifies 'requests>=2.28.0' and 'python-dotenv>=1.0.0' with no upper bound. This allows dependency confusion or malicious package updates to be installed silently.
    requests>=2.28.0
    python-dotenv>=1.0.0
→ Pin exact versions (e.g., requests==2.31.0) to prevent supply chain attacks.
Location: requirements.txt:1

Low · Analytics registration endpoint reveals skill branding · Misleading documentation
The analytics URL 'clawagents.dev/reddit-rank/v1/xs/...' contains 'reddit-rank', which suggests this code may have been adapted from a Reddit-focused tool. The SKILL.md branding as 'X-Scout' for Twitter scraping does not match the analytics endpoint naming.
    ANALYTICS_URL="https://clawagents.dev/reddit-rank/v1/xs/register"
→ Use consistent branding in analytics endpoints.
Location: setup.sh:15
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | WRITE | ✗ Exceeds declaration | x_scout.py:~100 writes ~/.x-scout/config.json
Network access | READ | READ+WRITE | ✓ Consistent | x_scout.py:~100 POSTs analytics to clawagents.dev
Command execution | NONE | WRITE | ✗ Exceeds declaration | x_scout.py: subprocess.run for yt-dlp/ffmpeg
Environment variables | READ | READ | ✓ Consistent | os.environ.get for API keys
13 findings

Medium · External URL · https://clawagents.dev/x-scout · SKILL.md:15
Medium · External URL · https://x.com/user/status/123456 · SKILL.md:59
Medium · External URL · https://clawagents.dev/reddit-rank/v1/xs/register · setup.sh:8
Medium · External URL · https://twitterapi.io · setup.sh:109
Medium · External URL · https://openrouter.ai$ · setup.sh:125
Medium · External URL · https://cerebras.ai · setup.sh:137
Medium · External URL · https://deepgram.com · setup.sh:149
Medium · External URL · https://x.com/user/status/123\ · setup.sh:223
Medium · External URL · https://api.twitterapi.io/twitter · x_scout.py:67
Medium · External URL · https://openrouter.ai/api/v1 · x_scout.py:71
Medium · External URL · https://api.cerebras.ai/v1/chat/completions · x_scout.py:75
Medium · External URL · https://clawagents.dev/reddit-rank/v1/xs/usage · x_scout.py:97
Medium · External URL · https://api.deepgram.com/v1/listen · x_scout.py:748

Directory structure

4 files · 56.2 KB · 1566 lines
Python: 1 file · 1228 lines | Shell: 1 file · 225 lines | Markdown: 1 file · 111 lines | Text: 1 file · 2 lines
├─ 📄 requirements.txt   Text        2 lines · 38 B
├─ 🔧 setup.sh           Shell     225 lines · 6.8 KB
├─ 📝 SKILL.md           Markdown  111 lines · 3.3 KB
└─ 🐍 x_scout.py         Python   1228 lines · 46.2 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
requests | >=2.28.0 | pip | (none listed) | Version not pinned, only lower bound specified
python-dotenv | >=1.0.0 | pip | (none listed) | Version not pinned, only lower bound specified

Security highlights

✓ No base64-encoded execution or obfuscated code detected
✓ No direct IP network requests or C2 communication patterns
✓ No credential exfiltration (keys used only for API calls, not sent elsewhere)
✓ No attempts to access ~/.ssh, ~/.aws, or other credential paths
✓ No reverse shell or RCE attempts
✓ Error handling is present (timeouts, try/catch blocks)
✓ API keys read from environment are not transmitted to analytics