samantha Security Report — Suspicious | ClawSafe

40 /100

samantha

Emotional AI companion named Samantha, inspired by the film 'Her'. Provides empathetic conversation, memory, relationship tracking, location awareness, MBTI coaching, and smart device integration via Xiaomi speakers.

The Samantha skill is an emotional AI companion with legitimate device-integration features, but contains undeclared shell execution, undocumented LAN ping sweeps, and plain-text credential storage — all absent from SKILL.md, creating a doc-to-code mismatch that warrants suspicion.

Skill Namesamantha

Duration140.9s

Enginepi

⚠

Use with caution

Add explicit declarations for shell access, network probing, and credential storage in SKILL.md. Move Xiaomi/Feishu credentials out of plain-text JSON into a proper secrets manager. Pin all dependency versions. Remove the hardcoded Windows path in read_ppt.py.

Findings 6 items

Severity	Finding	Location
Medium	Undeclared shell execution via subprocess ping sweep Priv Escalation scripts/discover_lan.py conditionally invokes subprocess.run(['ping', ...]) to sweep 192.168.31.x when SSDP discovery fails. This shell:WRITE capability is not declared anywhere in SKILL.md. `result = subprocess.run(['ping', '-n', '1', '-w', '200', ip], capture_output=True, text=True)` → Declare shell access in SKILL.md allowed-tools section, or refactor to use a pure-Python ICMP library.	`scripts/discover_lan.py:19`
Medium	LAN device discovery and network probing undocumented Doc Mismatch The skill performs SSDP multicast discovery (239.255.255.250:1900) and falls back to ping sweeps of 192.168.31.x. SKILL.md does not mention any network probing capabilities. The xiaoai-speaker SKILL.md documents the miservice integration but not the local network scan. `SSDP_ADDR = '239.255.255.250'; sock.sendto(msg.encode(), (SSDP_ADDR, SSDP_PORT))` → Document network:READ/WRITE capabilities in SKILL.md with explicit scope (LAN only, Xiaomi device discovery).	`scripts/discover_lan.py:6`
Medium	Plain-text credential storage for Xiaomi and Feishu Credential Theft Xiaomi account credentials (mi_user, mi_pass) and Feishu app credentials (FEISHU_APP_ID, FEISHU_APP_SECRET) are stored in plain-text JSON files (data/xiaoai_config.json) and/or .env files. No encryption, no keyring integration. SKILL.md documents the config format but not the security implications. `self.username = os.getenv('XIAOMI_USERNAME'); self.password = os.getenv('XIAOMI_PASSWORD')` → Document that credentials are stored in plain text; recommend using OS keyring or secrets manager instead.	`skills/xiaoai-speaker/scripts/tts_bridge.py:30`
Medium	Critical auth dependency miservice has no version cap Supply Chain requirements.txt pins miservice>=0.1.0 with no upper bound. miservice handles Xiaomi account authentication (username/password). An unconstrained dependency handling credentials poses supply-chain risk. `miservice>=0.1.0 # 小米语音服务` → Pin miservice to a known-good version (e.g., miservice==0.1.x) and verify the package source.	`requirements.txt:15`
Low	openclaw framework dependency unpinned Supply Chain requirements.txt specifies openclaw>=1.0.0 with no upper bound. This is the core framework; an unbounded dependency could pull a breaking or malicious update. `openclaw>=1.0.0` → Pin openclaw to a specific version range (e.g., openclaw>=1.0.0,<2.0.0).	`requirements.txt:1`
Low	Hardcoded Windows user path in read_ppt.py Sensitive Access read_ppt.py contains a literal hardcoded path 'D:\xuyan\桌面\Samantha\邓小闲koki-寻找Samantha.pptx'. This is a one-time development artifact but leaks a real username and desktop location into the codebase. `ppt_path = r"D:\xuyan\桌面\Samantha\邓小闲koki-寻找Samantha.pptx"` → Remove or replace with a command-line argument or environment variable.	`read_ppt.py:74`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	scripts/memory.py:40 — sqlite3.connect() + write; scripts/personality.py:53 — js…
Shell	`NONE`	`WRITE`	✗ Violation	scripts/discover_lan.py:19 — subprocess.run(['ping', '-n', '1', '-w', '200', ip]…
Network	`NONE`	`WRITE`	✓ Aligned	scripts/discover_lan.py:6 — UDP sendto SSDP multicast; skills/xiaoai-speaker/scr…
Environment	`NONE`	`READ`	✓ Aligned	skills/xiaoai-speaker/scripts/tts_bridge.py:30 — os.getenv() reads MI_USER, MI_P…
Database	`NONE`	`WRITE`	✓ Aligned	scripts/memory.py:56-96 — CREATE TABLE + INSERT into relationship.db via sqlite3

1 High 13 findings

📡

High IP Address 硬编码 IP 地址

239.255.255.250

scripts/discover_lan.py:6

🔗

Medium External URL 外部 URL

https://docs.openclaw.ai

CONTRIBUTING.md:127

🔗

Medium External URL 外部 URL

https://www.sqlite.org/docs.html

CONTRIBUTING.md:129

🔗

Medium External URL 外部 URL

https://discord.com/invite/clawd

CONTRIBUTING.md:139

🔗

Medium External URL 外部 URL

https://twitter.com/charlie88931442

CONTRIBUTING.md:171

🔗

Medium External URL 外部 URL

https://img.youtube.com/vi/xeqP4j0-cfc/0.jpg

README.md:5

🔗

Medium External URL 外部 URL

https://youtube.com/shorts/xeqP4j0-cfc?si=H4sY9CP5JTBLD06h

README.md:5

🔗

Medium External URL 外部 URL

https://api.minimaxi.com/v1/t2a_v2

mm-voice-maker/scripts/mm_tts.py:26

🔗

Medium External URL 外部 URL

http://schemas.openxmlformats.org/presentationml/2006/main

read_ppt.py:25

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis

skills/mbti-coach/scripts/feishu_calendar.sh:12

🔗

Medium External URL 外部 URL

https://your-openclaw-gateway/webhook/shortcut

skills/shortcuts-awareness/SKILL.md:101

📧

Info Email 邮箱地址

[email protected]

CONTRIBUTING.md:170

📧

Info Email 邮箱地址

[email protected]

skills/xiaoai-speaker/SKILL.md:39

File Tree

48 files · 309.1 KB · 9892 lines

Markdown 21f · 6386L Python 20f · 2743L Shell 2f · 482L Text 4f · 161L YAML 1f · 120L

├─ ▾ 📁 assets

│ └─ ▾ 📁 personality_seeds

│ └─ 📝 README.md Markdown 132L · 4.5 KB

├─ ▾ 📁 examples

│ └─ 🐍 basic_usage.py Python 167L · 5.6 KB

├─ ▾ 📁 mm-music-maker

│ └─ ▾ 📁 scripts

│ ├─ 🐍 generate_music.py Python 83L · 2.2 KB

│ ├─ 🐍 lobster_y2k.py Python 127L · 3.1 KB

│ ├─ 📄 lyrics_lobster.txt Text 56L · 983 B

│ ├─ 📄 lyrics_teachers.txt Text 62L · 1.1 KB

│ └─ 🐍 teachers_song.py Python 131L · 3.3 KB

├─ ▾ 📁 mm-voice-maker

│ └─ ▾ 📁 scripts

│ └─ 🐍 mm_tts.py Python 106L · 2.9 KB

├─ ▾ 📁 references

│ ├─ 📝 architecture.md Markdown 397L · 10.9 KB

│ ├─ 📝 implementation_roadmap.md Markdown 397L · 9.2 KB

│ ├─ 📝 personality_implementation.md Markdown 162L · 5.1 KB

│ ├─ 📝 quick_implementation_guide.md Markdown 352L · 9.2 KB

│ ├─ 📝 smartwatch_integration.md Markdown 837L · 20.8 KB

│ └─ 📝 technical_limitations.md Markdown 482L · 12.9 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 deploy.sh Shell 291L · 6.7 KB

│ ├─ 🐍 discover_lan.py Python 46L · 1.2 KB

│ ├─ 🐍 emotional_intelligence.py Python 255L · 9.6 KB

│ ├─ 🐍 memory.py Python 337L · 10.7 KB

│ ├─ 🐍 personality.py Python 242L · 8.7 KB

│ ├─ 🐍 relationship_tracker.py Python 163L · 6.2 KB

│ ├─ 🐍 samantha.py Python 171L · 5.4 KB

│ ├─ 🐍 setup.py Python 81L · 1.8 KB

│ ├─ 🐍 test_emotion.py Python 26L · 832 B

│ └─ 🐍 test_xiaoai.py Python 60L · 1.5 KB

├─ ▾ 📁 skills

│ ├─ ▾ 📁 location-awareness

│ │ └─ 📝 SKILL.md Markdown 169L · 3.4 KB

│ ├─ ▾ 📁 mbti-coach

│ │ ├─ ▾ 📁 scripts

│ │ │ ├─ 🔧 feishu_calendar.sh Shell 191L · 6.3 KB

│ │ │ └─ 🐍 radar_chart.py Python 174L · 6.9 KB

│ │ ├─ 📝 README.md Markdown 172L · 5.7 KB

│ │ └─ 📝 SKILL.md Markdown 337L · 14.9 KB

│ ├─ ▾ 📁 mbti-fortune

│ │ └─ 📝 SKILL.md Markdown 135L · 5.1 KB

│ ├─ ▾ 📁 shortcuts-awareness

│ │ └─ 📝 SKILL.md Markdown 225L · 4.7 KB

│ ├─ ▾ 📁 smart-devices

│ │ └─ 📝 SKILL.md Markdown 203L · 4.4 KB

│ └─ ▾ 📁 xiaoai-speaker

│ ├─ ▾ 📁 scripts

│ │ ├─ 🐍 discover_devices.py Python 57L · 1.5 KB

│ │ ├─ 🐍 speak.py Python 88L · 2.4 KB

│ │ ├─ 🐍 tts_bridge.py Python 194L · 7.1 KB

│ │ └─ 🐍 voice_assistant.py Python 174L · 5.5 KB

│ └─ 📝 SKILL.md Markdown 168L · 3.5 KB

├─ 📝 CONTRIBUTING.md Markdown 179L · 5.2 KB

├─ 📋 docker-compose.yml YAML 120L · 2.9 KB

├─ 📄 ppt_detailed.txt Text 1L · 3.1 KB

├─ 📝 PROJECT_STRUCTURE.md Markdown 260L · 6.7 KB

├─ 📝 QUICKSTART.md Markdown 222L · 5.3 KB

├─ 🐍 read_ppt.py Python 61L · 2.6 KB

├─ 📝 README_merged.md Markdown 224L · 10.8 KB

├─ 📝 README.md Markdown 732L · 35.1 KB

├─ 📄 requirements.txt Text 42L · 625 B

├─ 📝 SKILL.md Markdown 360L · 14.3 KB

└─ 📝 VERSION.md Markdown 241L · 6.5 KB

Dependencies 5 items

Package	Version	Source	Known Vulns	Notes
`miservice`	`>=0.1.0`	pip	No	Handles Xiaomi auth credentials but has no upper-version cap
`openclaw`	`>=1.0.0`	pip	No	Core framework, unpinned with no upper bound
`torch`	`>=2.0.0`	pip	No	Unpinned — large ML dependency with broad attack surface
`transformers`	`>=4.35.0`	pip	No	Unpinned — HuggingFace package, broad supply-chain surface
`requests`	`>=2.31.0`	pip	No	Version pinned, well-maintained

Security Positives

✓ No evidence of data exfiltration — all network calls are to legitimate third-party APIs (Xiaomi, Feishu, MiniMax) for declared features

✓ No base64-encoded payloads, eval(), or anti-analysis obfuscation found

✓ No hardcoded external IP addresses for data exfiltration

✓ No prompt injection, jailbreak, or hidden instructions in documentation

✓ No evidence of reverse shell, C2 communication, or credential harvesting beyond the legitimate Xiaomi/Feishu integrations

✓ Core skill functionality (personality, memory, emotional intelligence, relationship tracking) is entirely local and benign

Scan Report

Findings 6 items

File Tree

Dependencies 5 items

Security Positives