Skill Trust Decision

grinders-farm

The skill's documentation is severely deceptive: start.sh implements completely unrelated infrastructure code (Docker scheduler, tiny_sage) that SKILL.md does not mention, and the code performs undeclared shell execution that contradicts the documentation's claim of 'no shell/exec'.

Source: Manual upload
Scanned: Apr 3, 2026
Files 34
Artifacts 0
Violations 2
Findings 5
Most direct threat evidence
Critical Doc Mismatch
start.sh contains completely unrelated code

start.sh implements Docker scheduler infrastructure with tiny_sage, cloudbuild paths, and unrelated integrations - nothing to do with farming

start.sh:1

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Pass
Hidden execution and egress

No obvious high-risk egress or execution signals were found.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

3 dependency or supply-chain issues need attention.

Attack Chain

01
Skill presents as farming game in SKILL.md with misleading documentation

Entry · SKILL.md:1

02
start.sh contains hidden infrastructure code for Docker scheduler unrelated to farming

Delivery · start.sh:1

03
Code executes shell commands via spawn/spawnSync despite SKILL.md claiming no shell/exec

Escalation · src/index.ts:58

04
Process enumeration via ps command for process management

Escalation · src/index.ts:42

What drove the risk score up

start.sh hidden infrastructure code +35

start.sh contains unrelated code for Docker scheduler, tiny_sage, cloudbuild - completely different from farming game described in SKILL.md

SKILL.md shell execution claim violated +20

SKILL.md states '不用 shell/exec/cargo 等其它执行路径' ("do not use shell/exec/cargo or other execution paths") but the code uses spawnSync/spawn for openclaw, npx tsx, and ps commands

Undeclared subprocess usage +12

Multiple files use spawnSync to execute external binaries without documentation

Process enumeration +5

listRunningAutoWorkerPids() runs 'ps' command to enumerate processes

Most important evidence

Critical Doc Mismatch

start.sh contains completely unrelated code

start.sh implements Docker scheduler infrastructure with tiny_sage, cloudbuild paths, and unrelated integrations - nothing to do with farming

start.sh:1
Delete start.sh or document its actual purpose in SKILL.md

High Doc Mismatch

SKILL.md claims no shell execution but code violates this

SKILL.md explicitly states '不用 shell/exec/cargo 等其它执行路径' ("do not use shell/exec/cargo or other execution paths") but src/index.ts, openclaw-push.ts, and openclaw-plugin/index.ts use spawnSync/spawn

SKILL.md:6
Update SKILL.md to declare actual shell execution requirements or remove subprocess usage

Medium RCE

Undeclared subprocess execution via npx tsx

Code spawns 'npx tsx' processes to run TypeScript workers without documentation

src/index.ts:58
Document all external command invocations in SKILL.md

Medium RCE

Process enumeration via ps command

listRunningAutoWorkerPids() runs 'ps -Ao pid,command' to enumerate processes

src/index.ts:42
Document process enumeration behavior

Low Sensitive Access

Access to home directory for config files

Skill reads/writes to ~/.grinders-farm/ directory

src/storage/local-storage.ts:20
Document home directory access in SKILL.md

Declared capability vs actual capability

Filesystem · Block · Declared READ · Inferred WRITE
SKILL.md declares no exec, but src/index.ts:58 spawns processes

Shell · Block · Declared NONE · Inferred WRITE
SKILL.md explicitly says '不用 shell/exec' ("do not use shell/exec") but multiple files use spawn/spawnSync

Network · Pass · Declared NONE · Inferred READ
openclaw-push.ts sends messages via openclaw CLI

Suspicious artifacts and egress

No obvious IOC was extracted.

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
@napi-rs/canvas | ^0.1.97 | npm | No | Image rendering library, version not pinned
tsx | ^4.21.0 | npm devDependency | No | TypeScript executor, version not pinned
typescript | ^5.9.3 | npm devDependency | No | TypeScript compiler, version not pinned

File composition

34 files · 4997 lines
TypeScript 22 files · 3570 lines
JSON 6 files · 982 lines
Markdown 4 files · 373 lines
Shell 1 file · 38 lines
JavaScript 1 file · 34 lines
Files of concern · 1
src/storage/local-storage.ts TypeScript · 114 lines
Access to home directory for config files
Other files · package-lock.json · openclaw-push.ts · index.ts · farm.ts · local-auto.ts · engine.ts +5

Security positives

Farming game logic itself appears legitimate with no malicious code
No evidence of credential theft or API key harvesting
No base64-encoded commands or obfuscation observed
No C2 communication or external IP connections
No reverse shell or remote code execution vulnerabilities
The runtime dependency (@napi-rs/canvas) is a standard image rendering library