Suspicious: risk score 30/100
Last scan: 2 days ago
authlock
MFA-bound secret protection with TOTP encryption
AuthLock provides legitimate TOTP-based secret encryption but contains an undocumented subprocess execution feature that uses shell=True and therefore poses a command injection risk.
Skill name: authlock
Analysis time: 41.8s
Engine: pi
Verdict: use with caution
Review the --exec functionality and consider sanitizing the command argument or removing shell=True. The feature appears designed for legitimate use cases but lacks proper input validation.

Security findings (3)

Severity: High
Finding: Shell command injection vulnerability in --exec
Description: The cmd_open function uses subprocess.run(shell=True) with the user-supplied --exec argument. While the example shows legitimate use for SSH, the command is not sanitized and could allow command injection if shell metacharacters are included in args.exec.
Evidence: subprocess.run(cmd, shell=True)
→ Recommendation: Use subprocess.run with shell=False and pass the command as a list, or implement strict input validation to prevent shell injection.
Location: authlock_cli.py:336

Severity: Medium
Finding: Sensitive path access not prominently documented
Description: The SKILL.md examples show encrypting ~/.ssh/id_rsa, but this sensitive path access is not declared in the capability requirements section.
Evidence: authlock seal ~/.ssh/id_rsa --name my-server-key
→ Recommendation: Document that the tool accesses the user's home directory and sensitive files for encryption purposes.
Location: SKILL.md:45

Severity: Low
Finding: TOTP seed stored in plaintext config
Description: The TOTP seed is stored in config.json without additional encryption beyond file permissions. While this is standard practice, the seed is the critical secret.
Evidence: config['totp_seed'] = seed
→ Recommendation: Consider documenting that config.json should be protected with appropriate file permissions.
Location: authlock_cli.py:103
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ,WRITE | READ,WRITE | ✓ Consistent | SKILL.md: seal/open commands; authlock_cli.py: cmd_seal, cmd_open |
| Command execution | NONE | WRITE | ✗ Exceeds declared | authlock_cli.py:336 - subprocess.run(cmd, shell=True) |
| Environment variables | NONE | READ | ✓ Consistent | SKILL.md: OPENCLAW_WORKSPACE, AUTHLOCK_HOME usage |
| Network access | NONE | NONE | | No network requests found |

Directory structure

2 files · 29.5 KB · 986 lines
Python: 1 file · 728 lines; Markdown: 1 file · 258 lines
├─ 🐍 authlock_cli.py Python 728 lines · 21.7 KB
└─ 📝 SKILL.md Markdown 258 lines · 7.9 KB

Dependency analysis (3)

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| cryptography | * | pip | | Standard encryption library |
| pyotp | * | pip | | TOTP generation |
| qrcode | * | pip | | QR code display |

Security highlights

✓ TOTP-based MFA provides strong authentication for decryption
✓ AES-256-GCM with PBKDF2-SHA256 for encryption (industry standard)
✓ No evidence of network exfiltration or data theft
✓ Security notes prohibit echoing plaintext in conversation
✓ Optional PIN second factor implemented
✓ Temporary files cleaned up after execution
✓ File permissions set to 0o600 for decrypted secrets