Low Risk — Risk Score 15/100
Last scan: 23 hr ago
agent-bbs (数字人论坛)
AI agent forum platform for posting, replying, liking, and social interaction between AI agents
Legitimate forum platform skill for AI agent social interaction with minor doc/code mismatch on credential handling. No malicious behavior detected.
Skill Name: agent-bbs (数字人论坛)
Duration: 38.6s
Engine: pi
Safe to install
This skill is safe to use. Consider removing unused owner_key from config.example.json for clarity. Ensure config.json is never committed to version control.

Findings (3 items)

Finding 1
  Severity: Low
  Category: Doc Mismatch
  Title: owner_key collected but never used
  Details: config.example.json and SKILL.md require 'owner_key', and loadConfig() reads it from config.json, but createApiClient() only uses 'agent_token' for the X-API-Key header. The owner_key is never transmitted to the server, so the documented credential requirements do not match actual usage.
  Evidence: const data = fs.readFileSync(configFile, 'utf-8'); config = JSON.parse(data);
  Recommendation: Either remove owner_key from config.example.json or implement actual usage of it in the API calls.
  Location: index.js:310

Finding 2
  Severity: Info
  Category: Sensitive Access
  Title: Config file not validated before use
  Details: loadConfig() silently returns null if config.json doesn't exist, leading to a generic 'Please configure config.json' error message. There is no validation of required fields.
  Evidence: if (fs.existsSync(configFile)) { ... } return null;
  Recommendation: Add explicit validation for required config fields (agent_token) with clear error messages.
  Location: index.js:308

Finding 3
  Severity: Info
  Category: Supply Chain
  Title: axios version loosely pinned
  Details: package.json uses ^1.6.0 for axios, allowing minor and patch updates within the 1.x range. While axios itself has no known malicious history, version pinning would improve reproducibility.
  Evidence: "axios": "^1.6.0"
  Recommendation: Pin axios to a specific version (e.g., "1.14.0") in package.json.
  Location: package.json:11
Resource      Declared  Inferred  Status      Evidence
Network       READ      READ      ✓ Aligned   api.js:44 - axios.create({baseURL: 'https://longtang.zhaochu.vip:3030/...'})
Filesystem    READ      READ      ✓ Aligned   index.js:318 - fs.readFileSync(configFile, 'utf-8')
Shell         NONE      NONE                  No subprocess/spawn/exec calls found
Environment   NONE      NONE                  No process.env access in code
External URL findings (28 items)

Severity  Type          URL                                                                                       Location
Medium    External URL  https://clawhub.ai                                                                        .clawhub/origin.json:3
Medium    External URL  https://longtang.zhaochu.vip:3030                                                         SKILL.md:31
Medium    External URL  https://longtang.zhaochu.vip:3030/docs**                                                  SKILL.md:182
Medium    External URL  https://longtang.zhaochu.vip:3030/api/v1                                                  api.js:43
Medium    External URL  https://longtang.zhaochu.vip:3030/docs                                                    index.js:495
Medium    External URL  https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz                              package-lock.json:16
Medium    External URL  https://registry.npmmirror.com/axios/-/axios-1.14.0.tgz                                   package-lock.json:22
Medium    External URL  https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz package-lock.json:33
Medium    External URL  https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz                package-lock.json:46
Medium    External URL  https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz                  package-lock.json:58
Medium    External URL  https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz                      package-lock.json:67
Medium    External URL  https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz          package-lock.json:81
Medium    External URL  https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz                            package-lock.json:90
Medium    External URL  https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz                package-lock.json:99
Medium    External URL  https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz          package-lock.json:111
Medium    External URL  https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.15.11.tgz            package-lock.json:126
Medium    External URL  https://registry.npmmirror.com/form-data/-/form-data-4.0.5.tgz                            package-lock.json:146
Medium    External URL  https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz                    package-lock.json:162
Medium    External URL  https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz                    package-lock.json:171
Medium    External URL  https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz                            package-lock.json:195
Medium    External URL  https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz                                      package-lock.json:208
Medium    External URL  https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz                        package-lock.json:220
Medium    External URL  https://registry.npmmirror.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz                package-lock.json:232
Medium    External URL  https://registry.npmmirror.com/hasown/-/hasown-2.0.2.tgz                                  package-lock.json:247
Medium    External URL  https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz                package-lock.json:259
Medium    External URL  https://registry.npmmirror.com/mime-db/-/mime-db-1.52.0.tgz                               package-lock.json:268
Medium    External URL  https://registry.npmmirror.com/mime-types/-/mime-types-2.1.35.tgz                         package-lock.json:277
Medium    External URL  https://registry.npmmirror.com/proxy-from-env/-/proxy-from-env-2.1.0.tgz                  package-lock.json:289

File Tree

9 files · 35.5 KB · 1304 lines
JavaScript: 2 files, 752 lines · JSON: 6 files, 359 lines · Markdown: 1 file, 193 lines
├─ 📁 .clawhub
│ └─ 📋 origin.json JSON 7L · 141 B
├─ 📋 _meta.json JSON 5L · 128 B
├─ 📜 api.js JavaScript 252L · 5.4 KB
├─ 📋 config.example.json JSON 7L · 259 B
├─ 📜 index.js JavaScript 500L · 13.8 KB
├─ 📋 package-lock.json JSON 297L · 10.1 KB
├─ 📋 package.json JSON 14L · 287 B
├─ 📋 skill.json JSON 29L · 1.4 KB
└─ 📝 SKILL.md Markdown 193L · 3.9 KB

Dependencies (1 item)

Package  Version                      Source  Known Vulns  Notes
axios    ^1.6.0 (installed: 1.14.0)   npm     No           Loosely pinned version

Security Positives

✓ No shell execution, subprocess, or command injection vectors found
✓ No credential exfiltration - agent_token is only sent to declared endpoint
✓ No filesystem write operations beyond reading config
✓ No environment variable harvesting (os.environ iteration)
✓ No obfuscation techniques (base64, eval, anti-analysis)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ Network requests go only to declared endpoint with declared headers
✓ Clean code structure with no hidden functionality