pbd-cli 安全扫描报告 — 低风险 | ClawSafe

25 /100

pbd-cli

Command-line tool for PaleBlueDot AI Platform — authentication, API token management, usage/balance queries, and model browsing.

This is a CLI tool wrapper skill for 'pbd-cli' that presents a legitimate credentialed API client, though the `curl|bash` remote script execution pattern presents documented inherent risk.

技能名称pbd-cli

分析耗时50.7s

引擎pi

✓

可以安装

Before installation, verify the install.sh script content at the GitHub source. Prefer downloading the binary release artifact directly rather than piping remote scripts into bash. Audit the binary for network behavior before granting it credential access.

安全发现 5 项

严重性	安全发现	位置
高危	Unverified remote script execution via curl\|bash The installation command fetches and executes a remote shell script without any integrity check (no hash, no signature, no pinned version). If the GitHub repository or the script path is compromised or redirected, arbitrary code executes on the host. This is a well-known supply-chain attack vector. `curl -sSL https://raw.githubusercontent.com/PaleBlueDot-AI-Open/pbd-cli/main/install.sh \| bash` → Replace with a direct binary download + checksum verification, or document a pinned version/commit hash. For example: download the release .tar.gz from GitHub Releases, verify its SHA-256 against a hardcoded value, then extract.	`SKILL.md:21`
中危	Missing allowedTools declaration in skill metadata The SKILL.md metadata block does not declare any allowedTools. Per the capability model, tools map to resource access levels (Bash→shell:WRITE, Read→filesystem:READ, etc.). The absence prevents security auditors from determining what the skill can actually do at the tool level. `metadata: requires: bins: ["pbd-cli"]` → Add an allowedTools array to metadata, e.g., allowedTools: ["Bash", "Read"] to declare the tool access this skill exercises.	`SKILL.md:1`
中危	Credential storage in plaintext config file Session cookies and optional API keys are stored in ~/.pbd-cli/config.yaml with 0600 permissions. While 0600 is correct per the doc, the config contains plaintext credentials. Any host compromise or privilege escalation would expose these tokens. `cookie: session=xxx api_key: "" # Optional` → Document that API keys should be scoped to minimal permissions. Consider recommending OS-level credential storage (e.g., keychain, pass) instead of a file-based approach.	`SKILL.md:286`
低危	Local HTTP server listening on dynamic port range Browser login flow starts a local HTTP server on ports 8080-8090 to receive OAuth callbacks. This exposes a local service and could conflict with other applications. `Starts local HTTP server listening for callback (port 8080-8090 auto-select)` → Document that the port range is bounded and the server only accepts callbacks from localhost. Ensure the server shuts down cleanly on timeout.	`SKILL.md:93`
低危	No source code or binary available for audit The skill package contains only documentation (SKILL.md). The actual implementation is the 'pbd-cli' binary fetched from GitHub. Without source code or a reproducible build, the binary behavior cannot be independently audited. `bins: ["pbd-cli"]` → If possible, reference a source code repository or build-from-source instructions. Pinned release artifacts with reproducible builds would improve trust.	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	SKILL.md:285 — stores config to ~/.pbd-cli/config.yaml
网络访问	`NONE`	`READ`	✓ 一致	SKILL.md:21,93 — curl fetch + API calls to palebluedot.ai domains
命令执行	`NONE`	`WRITE`	✗ 越权	SKILL.md:21 — curl install.sh piped to bash for binary installation
浏览器	`NONE`	`READ`	✓ 一致	SKILL.md:82 — 'pbd-cli login' auto-opens browser for OAuth callback
环境变量	`NONE`	`NONE`	—	No environment variable access observed; --base-url flag provides URL override w…
技能调用	`NONE`	`NONE`	—	No nested skill invocations declared

1 严重 5 项发现

💀

严重危险命令危险 Shell 命令

curl -sSL https://raw.githubusercontent.com/PaleBlueDot-AI-Open/pbd-cli/main/install.sh | bash

SKILL.md:21

🔗

中危外部 URL 外部 URL

https://open.palebluedot.ai

SKILL.md:87

🔗

中危外部 URL 外部 URL

https://www.palebluedot.ai/login?redirect_uri=http://localhost:

SKILL.md:93

🔗

中危外部 URL 外部 URL

https://www.palebluedot.ai/login?redirect_uri=...

SKILL.md:102

🔗

中危外部 URL 外部 URL

https://www.palebluedot.ai

SKILL.md:296

目录结构

1 文件 · 6.6 KB · 309 行

Markdown 1f · 309L

└─ 📝 SKILL.md Markdown 309L · 6.6 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`pbd-cli`	`latest (unpinned)`	GitHub Releases (PaleBlueDot-AI-Open/pbd-cli)	否	Binary fetched via curl\|bash with no integrity verification. No known CVEs found, but binary is not auditable from this package.
`curl`	`system`	system binary	否	Used to download install script — inherited vulnerabilities in curl could affect integrity of downloaded content.

安全亮点

✓ All functionality is clearly documented with examples; no hidden behavior identified in the skill package itself

✓ Config file uses 0600 permissions, preventing other users from reading credentials

✓ OAuth browser-based login flow is a reasonable authentication pattern

✓ Manual login mode (--manual) allows offline credential entry without browser dependency

✓ Session timeout and callback timeout are documented (5-minute wait)

✓ No evidence of credential exfiltration, base64/eval tricks, or suspicious network activity in the skill documentation

✓ No iteration over os.environ for credential harvesting observed

✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive host paths in the documented behavior