中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:17 小时前 重新扫描
10 /100
ocas-vesper
Daily briefing generator that aggregates signals from across the system into concise morning and evening briefings
Vesper briefing skill has no malicious behavior; the flagged base64 -d usage is legitimate GitHub API response decoding for version checking, fully documented in SKILL.md.
技能名称ocas-vesper
分析耗时44.0s
引擎pi
可以安装
No action required. The skill's self-update mechanism is properly documented and uses standard practices for GitHub API interaction.

安全发现 2 项

严重性 安全发现 位置
提示
Self-update mechanism uses base64 decoding 文档欺骗
SKILL.md line 275 uses 'base64 -d' to decode GitHub API response content. This is legitimate functionality for parsing the base64-encoded skill.json from GitHub's API, not obfuscated code execution.
gh api "repos/{owner}/{repo}/contents/skill.json" --jq '.content' | base64 -d | python3 -c "import sys,json;print(json.load(sys.stdin)['version'])"
→ No action needed. This is standard GitHub API usage documented in skill.json under self_update.
 SKILL.md:275
低危
Cooperative read from other skills' directories 权限提升
Vesper reads InsightProposal files and reports from other skills' directories (/workspace/openclaw/data/ocas-*/proposals/ and /workspace/openclaw/data/ocas-*/reports/). This cross-skill data access is declared in SKILL.md but skill_invoke is marked NONE.
Read InsightProposal files from each skill's proposals/ directory: /workspace/openclaw/data/ocas-corvus/proposals/
→ Consider marking skill_invoke as READ in skill.json to reflect actual cross-skill data access pattern.
 SKILL.md:141
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md lines 141-147: reads from ~/openclaw/data/*/proposals/ and ~/openclaw/d…
文件系统 WRITE WRITE ✓ 一致 SKILL.md lines 147-153: writes to ~/openclaw/data/ocas-vesper/ and ~/openclaw/jo…
网络访问 READ READ ✓ 一致 SKILL.md lines 266-284: gh api for GitHub version check, documented in skill.jso…
命令执行 ADMIN ADMIN ✓ 一致 SKILL.md lines 266-284: uses gh CLI, tar, python3 for self-update; cron registra…
技能调用 NONE READ ✓ 一致 SKILL.md lines 141-147: reads InsightProposal files from other skills' directori…
环境变量 NONE NONE No os.environ access detected
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
1 严重 5 项发现
🔒
严重 编码执行 Base64 编码执行(代码混淆)
base64 -d
SKILL.md:275
🔗
中危 外部 URL 外部 URL
https://calendar.google.com/calendar/event?eid=
SKILL.md:89
🔗
中危 外部 URL 外部 URL
https://maps.google.com/?q=
SKILL.md:89
🔗
中危 外部 URL 外部 URL
https://mail.google.com/mail/u/0/#inbox/
SKILL.md:89
📧
提示 邮箱 邮箱地址
[email protected]
skill.json:6

目录结构

8 文件 · 30.9 KB · 697 行
Markdown 7f · 649L JSON 1f · 48L
├─ 📁 references
│ ├─ 📝 briefing_templates.md Markdown 110L · 4.0 KB
│ ├─ 📝 journal.md Markdown 73L · 1.8 KB
│ ├─ 📝 schemas.md Markdown 32L · 1.3 KB
│ └─ 📝 signal_filtering.md Markdown 25L · 1005 B
├─ 📝 CHANGELOG.md Markdown 40L · 1.8 KB
├─ 📝 README.md Markdown 67L · 3.9 KB
├─ 📋 skill.json JSON 48L · 1.7 KB
└─ 📝 SKILL.md Markdown 302L · 15.4 KB

安全亮点

✓ All capabilities properly declared in skill.json with clear scope boundaries
✓ Self-update mechanism is fully documented and uses version checking before download
✓ No credential harvesting or environment variable access
✓ No data exfiltration or external communication beyond documented GitHub API
✓ Cooperative inter-skill interface follows read-only pattern (doesn't write to others' directories)
✓ No obfuscated code, reverse shells, or C2 indicators
✓ Scheduled tasks (cron) are clearly documented with proper session isolation
✓ Filesystem access is scoped to expected /workspace/openclaw/data/ocas-vesper/ directory
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution patterns