Manusilized 安全扫描报告 — 可信 | ClawSafe

5 /100

Manusilized

Core architecture upgrades for OpenClaw to bring Manus-like silky-smooth streaming and enterprise-grade reliability to open-source Ollama models

Manusilized is a legitimate OpenClaw core patch for enhanced Ollama streaming and tool-calling support; no malicious behavior, credential theft, or undeclared capabilities were found.

技能名称Manusilized

分析耗时41.7s

引擎pi

✓

可以安装

This skill is safe to use. No action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	install-patch.sh writes to $OPENCLAW_PATH/src/agents/
网络访问	`READ`	`READ`	✓ 一致	patches/ollama-models.ts:39, patches/ollama-stream.ts:438 — HTTP POST/GET to use…
命令执行	`WRITE`	`WRITE`	✓ 一致	install-patch.sh:30-33 — local cp and backup operations only
环境变量	`NONE`	`NONE`	—	No os.environ access detected
技能调用	`NONE`	`NONE`	—	No skill invocation or delegation detected
剪贴板	`NONE`	`NONE`	—	No clipboard access detected
浏览器	`NONE`	`NONE`	—	No browser automation detected
数据库	`NONE`	`NONE`	—	No database access detected

1 项发现

🔗

中危外部 URL 外部 URL

http://192.168.20.14:11434/v1

patches/ollama-models.ts:39

目录结构

7 文件 · 29.5 KB · 940 行

TypeScript 2f · 827L Markdown 2f · 50L Shell 1f · 36L YAML 1f · 15L JSON 1f · 12L

├─ ▾ 📁 patches

│ ├─ 📜 ollama-models.ts TypeScript 157L · 4.8 KB

│ ├─ 📜 ollama-stream.ts TypeScript 670L · 20.0 KB

│ └─ 📝 README.md Markdown 11L · 560 B

├─ 📋 clawhub.yaml YAML 15L · 428 B

├─ 🔧 install-patch.sh Shell 36L · 1.3 KB

├─ 📋 package.json JSON 12L · 231 B

└─ 📝 SKILL.md Markdown 39L · 2.2 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`@mariozechner/pi-agent-core`	`*`	npm	否	Imported but not in package.json; transitive dependency
`@mariozechner/pi-ai`	`*`	npm	否	Imported but not in package.json; transitive dependency

安全亮点

✓ No credential harvesting — code does not read API keys, passwords, tokens, or sensitive environment variables

✓ No remote script execution — install-patch.sh performs only local file operations (cp, mkdir check)

✓ No data exfiltration — no outbound network calls to external IPs except user-configured Ollama endpoints

✓ No obfuscation — all code is plain TypeScript, no base64, no eval(), no dynamic code generation

✓ No sensitive file access — no reads of ~/.ssh, ~/.aws, .env, or similar credential paths

✓ No persistence mechanisms — no cron jobs, startup hooks, or backdoor installation

✓ Markdown tool-call extraction is defensive-only and documented in code comments

✓ NDJSON streaming parser is standard implementation with no malicious intent

✓ HTTP requests are limited to Ollama API endpoints configured by the user

✓ install-patch.sh validates path existence before writing and creates backups (.bak files)