Low risk: risk score 20/100
Last scanned: 18 hours ago
Enterprise AI Assistant Bundle
Enterprise AI assistant with Feishu + OpenClaw integration for smart customer service, group chat, approval automation, and daily report generation
A legitimate enterprise Feishu bot bundle with minor documentation gaps: shell execution for pip installs and network access are not declared in SKILL.md, and dependencies lack version pinning, but no malicious behavior is present.
Skill name: Enterprise AI Assistant Bundle
Analysis time: 58.6s
Engine: pi
Can be installed
Add explicit permission declarations for shell:WRITE (pip install via os.system) and network:READ (api.openclaw.ai/v1) to SKILL.md. Pin lark and openclaw to specific versions to reduce supply-chain risk.

Security findings: 3

Severity / Finding / Location
Low
Shell execution not declared in SKILL.md (category: documentation deception)
deploy.py uses os.system() to run pip install commands, which requires shell:WRITE permission. SKILL.md mentions 'pip install openclaw lark' in usage instructions but does not formally declare the shell:WRITE permission.
os.system('pip install lark')
→ Add shell:WRITE to declared permissions in SKILL.md if pip install via shell is part of the skill's capability contract.
deploy.py:50
Low
Unpinned dependencies lark and openclaw (category: supply chain)
deploy.py installs lark and openclaw without version pins (e.g., 'pip install lark==1.0.0'). This allows dependency versions to change between executions, introducing supply-chain risk.
os.system('pip install lark')
→ Pin both packages to specific versions: pip install lark==X.Y.Z openclaw==X.Y.Z
deploy.py:50
Info
Network access not formally declared (category: documentation deception)
SKILL.md references api.openclaw.ai and open.feishu.cn but does not declare network:READ permission. The skill makes outbound HTTPS requests to api.openclaw.ai/v1 which should be declared.
requests.post(f'{OPENCLAW_BASE_URL}/chat/completions', ...)
→ Add network:READ to declared permissions in SKILL.md, listing api.openclaw.ai as a required endpoint.
bot.py:43
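| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | NONE | WRITE | ✗ Exceeds declared | deploy.py:50 - os.system('pip install lark'); deploy.py:57 - os.system('pip inst… |
| Network access | NONE | READ | ✗ Exceeds declared | bot.py:43 - requests.post to api.openclaw.ai/v1; SKILL.md shows external URLs bu… |
| File system | NONE | WRITE | ✓ Consistent | deploy.py creates config.json and skills/ directory — directly relevant to deplo… |
| Environment variables | NONE | READ | ✓ Consistent | bot.py:21 reads OPENCLAW_API_KEY from os.getenv — documented in SKILL.md as a se… |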
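4 findings

| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://open.feishu.cn | SKILL.md:30 |
| Medium | External URL | https://discord.gg/clawd | SKILL.md:55 |
| Medium | External URL | https://api.openclaw.ai/v1 | deploy.py:41 |
| Info | Email address | [email protected] | SKILL.md:54 |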

Directory structure

3 files · 7.6 KB · 255 lines
Python 2f · 190L Markdown 1f · 65L
├─ 🐍 bot.py Python 82L · 2.2 KB
├─ 🐍 deploy.py Python 108L · 3.8 KB
└─ 📝 SKILL.md Markdown 65L · 1.6 KB

Dependency analysis: 4 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| lark | * | pip | | Version not pinned — supply-chain risk |
| openclaw | * | pip | | Version not pinned — third-party package without version constraint |
| flask | * | pip (implicit) | | Used in bot.py but not explicitly listed; version not pinned |
| requests | * | pip (implicit) | | Used in bot.py for HTTP calls; version not pinned |

Security highlights

✓ No credential harvesting or environment variable iteration for theft
✓ No base64-encoded commands or obfuscated payloads
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No C2 communication or data exfiltration
✓ No reverse shell or arbitrary code execution beyond documented pip install
✓ API key is read from environment variable (OPENCLAW_API_KEY) and not hardcoded or exfiltrated
✓ No hidden instructions in HTML comments or other stealth behavior
✓ Code is readable and straightforward — no anti-analysis techniques