Low risk: risk score 22/100
Last scan: 1 day ago
Auto Bug Finder
Iterative LLM-inspired Solidity smart contract security scanner that runs multi-tool analysis (Slither, Hardhat) in sprints to find and fix bugs
Legitimate Solidity security scanner that runs standard development tools (Hardhat, Slither) with undocumented auto-fix patching capability.
Skill name: Auto Bug Finder
Analysis time: 31.4s
Engine: pi
Verdict: can be installed
Add explicit declaration of shell execution (exec) and filesystem write access for patch application to SKILL.md. Consider restricting auto-fix to a dry-run mode.

Security findings: 3

Severity | Finding | Category

Medium | Shell execution not declared in documentation | Documentation deception
SKILL.md describes the tool's purpose and outputs but never explicitly mentions that it uses Node.js child_process.exec/execSync to run the hardhat and slither commands. While the tools mentioned are standard development tooling, the execution mechanism should be declared.
const { execSync, exec } = require('child_process');
→ Add to SKILL.md: 'Requires shell execution to run npx hardhat compile, npx hardhat test, slither, and npx hardhat coverage'
Location: auto-bug-finder.js:36

Medium | Auto-fix patch application modifies source files without clear warning | Documentation deception
The script applies automatic fixes to the contract source file (line 460: fs.writeFileSync(CONTRACT_PATH, contractSource)) and creates .bak backups. SKILL.md describes 'generating patches' but does not clearly state that it writes back to the original contract source.
fs.writeFileSync(CONTRACT_PATH, contractSource);
→ Add to SKILL.md: 'Auto-fixes are applied directly to the contract source with .bak backups created. The skill modifies the contract file when applying patches.'
Location: auto-bug-finder.js:460

Low | Hardcoded project directory assumptions | Sensitive access
The script uses hardcoded path resolution (path.resolve(__dirname, '..')) and expects a specific project structure (contracts/AgentEscrow.sol, test/AgentEscrow.test.js). This could cause problems in different project layouts.
const PROJECT_DIR = path.resolve(__dirname, '..');
→ Document the expected project structure or make paths configurable via the CONFIG object
Location: auto-bug-finder.js:34
Resource type          | Declared | Inferred | Status              | Evidence
Filesystem             | NONE     | READ     | ✓ consistent        | auto-bug-finder.js:55 reads CONTRACT_PATH via fs.readFileSync
Filesystem             | NONE     | WRITE    | ✗ exceeds declared  | auto-bug-finder.js:460-462 writes contract source and .bak backups
Command execution      | NONE     | WRITE    | ✗ exceeds declared  | auto-bug-finder.js:36-48 uses exec/execSync for npx hardhat and slither commands
Network access         | NONE     | NONE     |                     | No network calls observed
Environment variables  | NONE     | NONE     |                     | process.env spread only, no harvesting
Credential access      | NONE     | NONE     |                     | No sensitive path or credential access

Directory structure

2 files · 44.2 KB · 1226 lines
JavaScript: 1 file · 1141 lines; Markdown: 1 file · 85 lines
├─ 📜 auto-bug-finder.js  JavaScript  1141 lines · 41.0 KB
└─ 📝 SKILL.md            Markdown    85 lines · 3.1 KB

Security highlights

✓ No credential harvesting or sensitive file access
✓ No obfuscation, base64 execution, or anti-analysis techniques
✓ Uses standard, legitimate security tools (Hardhat, Slither)
✓ Creates backups before patching (.bak files)
✓ Has a max sprint limit (10) as a safety mechanism
✓ Will revert changes if new test failures are introduced
✓ False positive detection built in (checkSlitherFalsePositive)
✓ No network exfiltration or C2 communication
✓ No reverse shell, RCE, or malicious code execution