安全决策报告
grinders-farm
The skill contains severe doc deception with start.sh implementing completely unrelated infrastructure code (Docker scheduler, tiny_sage) hidden from SKILL.md, plus undeclared shell execution that contradicts documentation claims of 'no shell/exec'.
最直接的威胁证据
严重 文档欺骗
start.sh contains completely unrelated code start.sh implements Docker scheduler infrastructure with tiny_sage, cloudbuild paths, and unrelated integrations - nothing to do with farming
start.sh:1 为什么得出这个结论
2/4 个维度触发 阻止
声明与实际能力
发现 2 项声明之外的能力或越权行为。
通过
隐藏执行与外联
当前没有明显的高危外联或执行信号。
阻止
攻击链与高危发现
报告包含 4 步攻击链,另有 2 项高危或严重发现。
复核
依赖与供应链卫生
发现 3 项需要关注的依赖或供应链线索。
攻击链
01
Skill presents as farming game in SKILL.md with misleading documentation
初始入口 · SKILL.md:1
02
start.sh contains hidden infrastructure code for Docker scheduler unrelated to farming
delivery · start.sh:1
03
Code executes shell commands via spawn/spawnSync despite SKILL.md claiming no shell/exec
权限提升 · src/index.ts:58
04
Process enumeration via ps command for process management
权限提升 · src/index.ts:42
风险分是怎么被拉高的
start.sh hidden infrastructure code +35
start.sh contains unrelated code for Docker scheduler, tiny_sage, cloudbuild - completely different from farming game described in SKILL.md
SKILL.md shell execution claim violated +20
SKILL.md states '不用 shell/exec/cargo 等其它执行路径' but code uses spawnSync/spawn for openclaw, npx tsx, ps commands
Undeclared subprocess usage +12
Multiple files use spawnSync to execute external binaries without documentation
Process enumeration +5
listRunningAutoWorkerPids() runs 'ps' command to enumerate processes
最关键的证据
严重 文档欺骗
start.sh contains completely unrelated code
start.sh implements Docker scheduler infrastructure with tiny_sage, cloudbuild paths, and unrelated integrations - nothing to do with farming
start.sh:1 Delete start.sh or document its actual purpose in SKILL.md
高危 文档欺骗
SKILL.md claims no shell execution but code violates this
SKILL.md explicitly states '不用 shell/exec/cargo 等其它执行路径' but src/index.ts, openclaw-push.ts, and openclaw-plugin/index.ts use spawnSync/spawn
SKILL.md:6 Update SKILL.md to declare actual shell execution requirements or remove subprocess usage
中危 代码执行
Undeclared subprocess execution via npx tsx
Code spawns 'npx tsx' processes to run TypeScript workers without documentation
src/index.ts:58 Document all external command invocations in SKILL.md
中危 代码执行
Process enumeration via ps command
listRunningAutoWorkerPids() runs 'ps -Ao pid,command' to enumerate processes
src/index.ts:42 Document process enumeration behavior
低危 敏感访问
Access to home directory for config files
Skill reads/writes to ~/.grinders-farm/ directory
src/storage/local-storage.ts:20 Document home directory access in SKILL.md
声明能力 vs 实际能力
文件系统 阻止
声明 READ
→ 推断 WRITE
SKILL.md declares no exec, but src/index.ts:58 spawns processes 命令执行 阻止
声明 NONE
→ 推断 WRITE
SKILL.md explicitly says '不用 shell/exec' but multiple files use spawn/spawnSync 网络访问 通过
声明 NONE
→ 推断 READ
openclaw-push.ts sends messages via openclaw CLI 可疑产物与外联
没有提取到明显 IOC。
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| @napi-rs/canvas | ^0.1.97 | npm | 否 | Image rendering library, version not pinned |
| tsx | ^4.21.0 | npm devDependency | 否 | TypeScript executor, version not pinned |
| typescript | ^5.9.3 | npm devDependency | 否 | TypeScript compiler, version not pinned |
文件构成
34 个文件 · 4997 行
TypeScript 22 个文件 · 3570 行JSON 6 个文件 · 982 行Markdown 4 个文件 · 373 行Shell 1 个文件 · 38 行JavaScript 1 个文件 · 34 行
需关注文件 · 1
src/storage/local-storage.ts Access to home directory for config files
其他文件 · package-lock.json · openclaw-push.ts · index.ts · farm.ts · local-auto.ts · engine.ts +5
安全亮点
Farming game logic itself appears legitimate with no malicious code
No evidence of credential theft or API key harvesting
No base64-encoded commands or obfuscation observed
No C2 communication or external IP connections
No reverse shell or remote code execution vulnerabilities
Dependencies (@napi-rs/canvas) are standard image rendering library