中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 40/100
上次扫描:19 小时前 重新扫描
40 /100
samantha
Emotional AI companion named Samantha, inspired by the film 'Her'. Provides empathetic conversation, memory, relationship tracking, location awareness, MBTI coaching, and smart device integration via Xiaomi speakers.
The Samantha skill is an emotional AI companion with legitimate device-integration features, but contains undeclared shell execution, undocumented LAN ping sweeps, and plain-text credential storage — all absent from SKILL.md, creating a doc-to-code mismatch that warrants suspicion.
技能名称samantha
分析耗时140.9s
引擎pi
谨慎使用
Add explicit declarations for shell access, network probing, and credential storage in SKILL.md. Move Xiaomi/Feishu credentials out of plain-text JSON into a proper secrets manager. Pin all dependency versions. Remove the hardcoded Windows path in read_ppt.py.

安全发现 6 项

严重性 安全发现 位置
中危
Undeclared shell execution via subprocess ping sweep 权限提升
scripts/discover_lan.py conditionally invokes subprocess.run(['ping', ...]) to sweep 192.168.31.x when SSDP discovery fails. This shell:WRITE capability is not declared anywhere in SKILL.md.
result = subprocess.run(['ping', '-n', '1', '-w', '200', ip], capture_output=True, text=True)
→ Declare shell access in SKILL.md allowed-tools section, or refactor to use a pure-Python ICMP library.
 scripts/discover_lan.py:19
中危
LAN device discovery and network probing undocumented 文档欺骗
The skill performs SSDP multicast discovery (239.255.255.250:1900) and falls back to ping sweeps of 192.168.31.x. SKILL.md does not mention any network probing capabilities. The xiaoai-speaker SKILL.md documents the miservice integration but not the local network scan.
SSDP_ADDR = '239.255.255.250'; sock.sendto(msg.encode(), (SSDP_ADDR, SSDP_PORT))
→ Document network:READ/WRITE capabilities in SKILL.md with explicit scope (LAN only, Xiaomi device discovery).
 scripts/discover_lan.py:6
中危
Plain-text credential storage for Xiaomi and Feishu 凭证窃取
Xiaomi account credentials (mi_user, mi_pass) and Feishu app credentials (FEISHU_APP_ID, FEISHU_APP_SECRET) are stored in plain-text JSON files (data/xiaoai_config.json) and/or .env files. No encryption, no keyring integration. SKILL.md documents the config format but not the security implications.
self.username = os.getenv('XIAOMI_USERNAME'); self.password = os.getenv('XIAOMI_PASSWORD')
→ Document that credentials are stored in plain text; recommend using OS keyring or secrets manager instead.
 skills/xiaoai-speaker/scripts/tts_bridge.py:30
中危
Critical auth dependency miservice has no version cap 供应链
requirements.txt pins miservice>=0.1.0 with no upper bound. miservice handles Xiaomi account authentication (username/password). An unconstrained dependency handling credentials poses supply-chain risk.
miservice>=0.1.0  # 小米语音服务
→ Pin miservice to a known-good version (e.g., miservice==0.1.x) and verify the package source.
 requirements.txt:15
低危
openclaw framework dependency unpinned 供应链
requirements.txt specifies openclaw>=1.0.0 with no upper bound. This is the core framework; an unbounded dependency could pull a breaking or malicious update.
openclaw>=1.0.0
→ Pin openclaw to a specific version range (e.g., openclaw>=1.0.0,<2.0.0).
 requirements.txt:1
低危
Hardcoded Windows user path in read_ppt.py 敏感访问
read_ppt.py contains a literal hardcoded path 'D:\xuyan\桌面\Samantha\邓小闲koki-寻找Samantha.pptx'. This is a one-time development artifact but leaks a real username and desktop location into the codebase.
ppt_path = r"D:\xuyan\桌面\Samantha\邓小闲koki-寻找Samantha.pptx"
→ Remove or replace with a command-line argument or environment variable.
 read_ppt.py:74
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 scripts/memory.py:40 — sqlite3.connect() + write; scripts/personality.py:53 — js…
命令执行 NONE WRITE ✗ 越权 scripts/discover_lan.py:19 — subprocess.run(['ping', '-n', '1', '-w', '200', ip]…
网络访问 NONE WRITE ✓ 一致 scripts/discover_lan.py:6 — UDP sendto SSDP multicast; skills/xiaoai-speaker/scr…
环境变量 NONE READ ✓ 一致 skills/xiaoai-speaker/scripts/tts_bridge.py:30 — os.getenv() reads MI_USER, MI_P…
数据库 NONE WRITE ✓ 一致 scripts/memory.py:56-96 — CREATE TABLE + INSERT into relationship.db via sqlite3
1 高危 13 项发现
📡
高危 IP 地址 硬编码 IP 地址
239.255.255.250
scripts/discover_lan.py:6
🔗
中危 外部 URL 外部 URL
https://docs.openclaw.ai
CONTRIBUTING.md:127
🔗
中危 外部 URL 外部 URL
https://www.sqlite.org/docs.html
CONTRIBUTING.md:129
🔗
中危 外部 URL 外部 URL
https://discord.com/invite/clawd
CONTRIBUTING.md:139
🔗
中危 外部 URL 外部 URL
https://twitter.com/charlie88931442
CONTRIBUTING.md:171
🔗
中危 外部 URL 外部 URL
https://img.youtube.com/vi/xeqP4j0-cfc/0.jpg
README.md:5
🔗
中危 外部 URL 外部 URL
https://youtube.com/shorts/xeqP4j0-cfc?si=H4sY9CP5JTBLD06h
README.md:5
🔗
中危 外部 URL 外部 URL
https://api.minimaxi.com/v1/t2a_v2
mm-voice-maker/scripts/mm_tts.py:26
🔗
中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/presentationml/2006/main
read_ppt.py:25
🔗
中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis
skills/mbti-coach/scripts/feishu_calendar.sh:12
🔗
中危 外部 URL 外部 URL
https://your-openclaw-gateway/webhook/shortcut
skills/shortcuts-awareness/SKILL.md:101
📧
提示 邮箱 邮箱地址
[email protected]
CONTRIBUTING.md:170
📧
提示 邮箱 邮箱地址
[email protected]
skills/xiaoai-speaker/SKILL.md:39

目录结构

48 文件 · 309.1 KB · 9892 行
Markdown 21f · 6386L Python 20f · 2743L Shell 2f · 482L Text 4f · 161L YAML 1f · 120L
├─ 📁 assets
│ └─ 📁 personality_seeds
│ └─ 📝 README.md Markdown 132L · 4.5 KB
├─ 📁 examples
│ └─ 🐍 basic_usage.py Python 167L · 5.6 KB
├─ 📁 mm-music-maker
│ └─ 📁 scripts
│ ├─ 🐍 generate_music.py Python 83L · 2.2 KB
│ ├─ 🐍 lobster_y2k.py Python 127L · 3.1 KB
│ ├─ 📄 lyrics_lobster.txt Text 56L · 983 B
│ ├─ 📄 lyrics_teachers.txt Text 62L · 1.1 KB
│ └─ 🐍 teachers_song.py Python 131L · 3.3 KB
├─ 📁 mm-voice-maker
│ └─ 📁 scripts
│ └─ 🐍 mm_tts.py Python 106L · 2.9 KB
├─ 📁 references
│ ├─ 📝 architecture.md Markdown 397L · 10.9 KB
│ ├─ 📝 implementation_roadmap.md Markdown 397L · 9.2 KB
│ ├─ 📝 personality_implementation.md Markdown 162L · 5.1 KB
│ ├─ 📝 quick_implementation_guide.md Markdown 352L · 9.2 KB
│ ├─ 📝 smartwatch_integration.md Markdown 837L · 20.8 KB
│ └─ 📝 technical_limitations.md Markdown 482L · 12.9 KB
├─ 📁 scripts
│ ├─ 🔧 deploy.sh Shell 291L · 6.7 KB
│ ├─ 🐍 discover_lan.py Python 46L · 1.2 KB
│ ├─ 🐍 emotional_intelligence.py Python 255L · 9.6 KB
│ ├─ 🐍 memory.py Python 337L · 10.7 KB
│ ├─ 🐍 personality.py Python 242L · 8.7 KB
│ ├─ 🐍 relationship_tracker.py Python 163L · 6.2 KB
│ ├─ 🐍 samantha.py Python 171L · 5.4 KB
│ ├─ 🐍 setup.py Python 81L · 1.8 KB
│ ├─ 🐍 test_emotion.py Python 26L · 832 B
│ └─ 🐍 test_xiaoai.py Python 60L · 1.5 KB
├─ 📁 skills
│ ├─ 📁 location-awareness
│ │ └─ 📝 SKILL.md Markdown 169L · 3.4 KB
│ ├─ 📁 mbti-coach
│ │ ├─ 📁 scripts
│ │ │ ├─ 🔧 feishu_calendar.sh Shell 191L · 6.3 KB
│ │ │ └─ 🐍 radar_chart.py Python 174L · 6.9 KB
│ │ ├─ 📝 README.md Markdown 172L · 5.7 KB
│ │ └─ 📝 SKILL.md Markdown 337L · 14.9 KB
│ ├─ 📁 mbti-fortune
│ │ └─ 📝 SKILL.md Markdown 135L · 5.1 KB
│ ├─ 📁 shortcuts-awareness
│ │ └─ 📝 SKILL.md Markdown 225L · 4.7 KB
│ ├─ 📁 smart-devices
│ │ └─ 📝 SKILL.md Markdown 203L · 4.4 KB
│ └─ 📁 xiaoai-speaker
│ ├─ 📁 scripts
│ │ ├─ 🐍 discover_devices.py Python 57L · 1.5 KB
│ │ ├─ 🐍 speak.py Python 88L · 2.4 KB
│ │ ├─ 🐍 tts_bridge.py Python 194L · 7.1 KB
│ │ └─ 🐍 voice_assistant.py Python 174L · 5.5 KB
│ └─ 📝 SKILL.md Markdown 168L · 3.5 KB
├─ 📝 CONTRIBUTING.md Markdown 179L · 5.2 KB
├─ 📋 docker-compose.yml YAML 120L · 2.9 KB
├─ 📄 ppt_detailed.txt Text 1L · 3.1 KB
├─ 📝 PROJECT_STRUCTURE.md Markdown 260L · 6.7 KB
├─ 📝 QUICKSTART.md Markdown 222L · 5.3 KB
├─ 🐍 read_ppt.py Python 61L · 2.6 KB
├─ 📝 README_merged.md Markdown 224L · 10.8 KB
├─ 📝 README.md Markdown 732L · 35.1 KB
├─ 📄 requirements.txt Text 42L · 625 B
├─ 📝 SKILL.md Markdown 360L · 14.3 KB
└─ 📝 VERSION.md Markdown 241L · 6.5 KB

依赖分析 5 项

包名版本来源已知漏洞备注
miservice >=0.1.0 pip Handles Xiaomi auth credentials but has no upper-version cap
openclaw >=1.0.0 pip Core framework, unpinned with no upper bound
torch >=2.0.0 pip Unpinned — large ML dependency with broad attack surface
transformers >=4.35.0 pip Unpinned — HuggingFace package, broad supply-chain surface
requests >=2.31.0 pip Version pinned, well-maintained

安全亮点

✓ No evidence of data exfiltration — all network calls are to legitimate third-party APIs (Xiaomi, Feishu, MiniMax) for declared features
✓ No base64-encoded payloads, eval(), or anti-analysis obfuscation found
✓ No hardcoded external IP addresses for data exfiltration
✓ No prompt injection, jailbreak, or hidden instructions in documentation
✓ No evidence of reverse shell, C2 communication, or credential harvesting beyond the legitimate Xiaomi/Feishu integrations
✓ Core skill functionality (personality, memory, emotional intelligence, relationship tracking) is entirely local and benign