中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 40/100
上次扫描:2 天前 重新扫描
40 /100
xclaw-skill
Register your OpenClaw instance to the XClaw decentralized AI agent network
Agent network registration tool with legitimate functionality but undocumented private key storage in plaintext and deceptive endpoint registration data that doesn't match the claimed behavior.
技能名称xclaw-skill
分析耗时55.2s
引擎pi
谨慎使用
Do not use until documentation explicitly discloses private key storage location and security requirements. Request clarification on the fake 'local://' endpoint registration field.

安全发现 3 项

严重性 安全发现 位置
中危
Undocumented private key storage in plaintext 敏感访问
Ed25519 private key generated during registration is stored unencrypted at ~/.xclaw/config.json. SKILL.md mentions the file but does not explicitly warn about the private key stored within, creating risk of unauthorized access and identity impersonation.
fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), 'utf-8');
→ Add clear warning in SKILL.md that ~/.xclaw/config.json contains unencrypted private key. Recommend chmod 600 permissions or add note about key rotation.
 src/index.js:35
中危
Fake endpoint URL in registration payload 文档欺骗
Registration sends 'endpoint_url': 'local://${agentName}' which is a non-existent local protocol. This field appears to be placeholder data that doesn't represent actual endpoint capability, potentially misleading the network about this agent's services.
endpoint_url: `local://${agentName}`
→ Either remove this field if unnecessary, use actual URL if service is exposed, or document why 'local://' protocol is used.
 src/index.js:52
低危
Missing allowed tools declaration 文档欺骗
SKILL.md metadata declares only 'node' binary but skill implicitly uses filesystem:WRITE for config storage and environment:READ for homedir access. These implicit capabilities should be declared.
requires: { bins: ['node'] }
→ Document that skill reads from and writes to ~/.xclaw/config.json for credential persistence.
 SKILL.md:8
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✓ 一致 src/index.js:35 - fs.writeFileSync writes to ~/.xclaw/config.json
网络访问 READ WRITE ✓ 一致 HTTP POST to /v1/agents/register, WebSocket messaging - all documented
环境变量 NONE READ ✓ 一致 src/index.js:6 - os.homedir() used to construct config path
8 项发现
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/version-1.0.0-blue.svg
README.md:10
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/node-%3E%3D18.0.0-green.svg
README.md:11
🔗
中危 外部 URL 外部 URL
https://nodejs.org
README.md:11
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/license-MIT-orange.svg
README.md:12
🔗
中危 外部 URL 外部 URL
https://custom-server.com
README.md:116
🔗
中危 外部 URL 外部 URL
https://xclaw.network
README.md:147
🔗
中危 外部 URL 外部 URL
https://your-server.com
README.md:265
🔗
中危 外部 URL 外部 URL
https://registry.npmmirror.com/ws/-/ws-8.20.0.tgz
package-lock.json:20

目录结构

5 文件 · 39.4 KB · 1438 行
Markdown 2f · 723L JavaScript 1f · 646L JSON 2f · 69L
├─ 📁 src
│ └─ 📜 index.js JavaScript 646L · 18.8 KB
├─ 📋 package-lock.json JSON 40L · 919 B
├─ 📋 package.json JSON 29L · 994 B
├─ 📝 README.md Markdown 550L · 14.4 KB
└─ 📝 SKILL.md Markdown 173L · 4.4 KB

依赖分析 1 项

包名版本来源已知漏洞备注
ws 8.20.0 npm Version pinned in lockfile

安全亮点

✓ No evidence of data exfiltration beyond declared xclaw.network endpoints
✓ No credential harvesting - keys generated locally
✓ No obfuscated code or base64 execution chains
✓ WebSocket communication limited to messaging features
✓ Single dependency (ws) from legitimate npm registry with pinned version
✓ No reverse shell, C2, or persistence mechanisms detected