gpt-chat 安全扫描报告 — 低风险 | ClawSafe

8 /100

gpt-chat

GPT聊天 - 使用GPT模型进行对话和内容生成

Legitimate GPT chat skill with declared network/environment access and no malicious behavior; minor doc-to-config mismatch on the default API proxy.

技能名称gpt-chat

分析耗时35.7s

引擎pi

✓

可以安装

Consider documenting the default api.openai-proxy.org proxy and pinning node version in package.json for reproducibility.

安全发现 2 项

严重性	安全发现	位置
低危	Undeclared default API proxy endpoint 文档欺骗 The skill's main script gpt.js defaults to api.openai-proxy.org as the API_BASE instead of the official api.openai.com, but SKILL.md only mentions OPENAI_API_KEY with no mention of the proxy or proxy configuration. The proxy URL can be overridden via OPENAI_API_BASE env var, but this is not documented. `const API_BASE = process.env.OPENAI_API_BASE \|\| 'https://api.openai-proxy.org';` → Document the OPENAI_API_BASE environment variable and the default proxy in SKILL.md, or default to api.openai.com for transparency.	`scripts/gpt.js:11`
低危	Non-existent GPT-5 model references 文档欺骗 The skill advertises GPT-5.2, GPT-5.1, and GPT-5 models with pricing tables in SKILL.md and code constants, but these models do not exist on the public OpenAI API. This is misleading documentation for a model-selector skill. `\| GPT-5.2 \| $1.75/1M tokens \| $14/1M tokens \| 最新旗舰模型 \|` → Use actual OpenAI model names (gpt-4o, gpt-4o-mini, gpt-4-turbo, etc.) or clearly note that these are fictional/demonstration models.	`SKILL.md:16`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ+WRITE`	✓ 一致	SKILL.md:1 — script execution implies node access; gpt.js:state.json write; gene…
网络访问	`READ`	`READ`	✓ 一致	gpt.js:36-62 — HTTPS POST to api.openai-proxy.org (or env-configured endpoint)
环境变量	`READ`	`READ`	✓ 一致	gpt.js:11 reads OPENAI_API_KEY and OPENAI_API_BASE from process.env
命令执行	`NONE`	`NONE`	—	No shell/shutdown/exec calls; server.js uses Node.js process signals which are s…
技能调用	`NONE`	`NONE`	—	No cross-skill invocation found
剪贴板	`NONE`	`NONE`	—	Not accessed
浏览器	`NONE`	`NONE`	—	Not accessed
数据库	`NONE`	`NONE`	—	Not accessed

1 项发现

🔗

中危外部 URL 外部 URL

https://api.openai-proxy.org

scripts/gpt.js:11

9 文件 · 14.1 KB · 530 行

JavaScript 6f · 455L Markdown 1f · 60L JSON 2f · 15L

├─ ▾ 📁 scripts

│ ├─ 📜 generate-article.js JavaScript 73L · 1.9 KB

│ ├─ 📜 gpt.js JavaScript 136L · 3.9 KB

│ ├─ 📜 server.js JavaScript 130L · 3.6 KB

│ ├─ 📋 state.json JSON 2L · 31 B

│ ├─ 📜 test-chat.js JavaScript 49L · 1.2 KB

│ ├─ 📜 test-key.js JavaScript 31L · 817 B

│ └─ 📜 test.js JavaScript 36L · 754 B

├─ 📋 package.json JSON 13L · 338 B

└─ 📝 SKILL.md Markdown 60L · 1.5 KB

✓ No shell execution, reverse shells, or command injection patterns detected

✓ No credential harvesting beyond the declared OPENAI_API_KEY

✓ No base64-encoded payloads, eval(), or obfuscation techniques

✓ No sensitive file path access (~/.ssh, ~/.aws, .env) beyond state.json

✓ No data exfiltration or C2 communication patterns

✓ No supply chain risks — package.json has no external dependencies

✓ HTTPS used for all API calls with Bearer token authentication

✓ State persistence is local-only (state.json in scripts directory)