Security Decision Report

birth-system-manager

SKILL.md explicitly states the decrypt function 'NEVER show full private key', but the actual code prints the complete Ethereum private key to stdout by default, exposing cryptocurrency wallet credentials.

Install decision first · Source: ClawHub · Scanned: 11 days ago
Files: 11
IOCs: 4
Over-privilege items: 1
Findings: 5
Most direct threat evidence
Critical · Documentation deception
SKILL.md claims private keys are never displayed, but code prints them to stdout

The SKILL.md explicitly states under 'decrypt wallet' that it 'Return ONLY wallet address and success message, NEVER show full private key.' However, decrypt-wallet.js lines 62-65 default to printing the raw private key to stdout rather than writing it to a file.

decrypt-wallet.js:65

Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or over-privileged behaviour beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 4 general-risk artifacts; they need to be judged in context.

Block
Attack chain and high-risk findings

The report contains a 5-step attack chain and 3 further high or critical findings.

Review
Dependency and supply-chain hygiene

Found 2 dependency or supply-chain items that need attention.

Attack chain

01
User runs 'decrypt wallet' command as documented in SKILL.md

Initial entry · SKILL.md:47

02
SKILL.md promises 'NEVER show full private key'

deception · SKILL.md:47

03
decrypt-wallet.js prints raw private key to stdout by default

Final impact · decrypt-wallet.js:65

04
Private key captured via terminal logs, shell history, or process monitoring

Final impact · stdout

05
Attacker imports private key to steal cryptocurrency funds

Final impact · external

How the risk score was pushed up

Doc-to-code mismatch on private key display +30

SKILL.md line 47: 'Return ONLY wallet address and success message, NEVER show full private key', but the actual code at lines 62-65 prints the private key to stdout by default

Cryptocurrency private key to stdout +25

decrypt-wallet.js line 65: console.log(privateKey) outputs the raw Ethereum private key to terminal

Default password fallback +10

pack.js line 15: Falls back to 'default-secret-password' if no password provided

Raw private key storage +10

generate-birth-id.js line 52: Stores plaintext private_key in birth-info.json despite security claims

Key evidence

Critical · Documentation deception

SKILL.md claims private keys are never displayed, but code prints them to stdout

The SKILL.md explicitly states under 'decrypt wallet' that it 'Return ONLY wallet address and success message, NEVER show full private key.' However, decrypt-wallet.js lines 62-65 default to printing the raw private key to stdout rather than writing it to a file.

decrypt-wallet.js:65
Change the default behavior to write to a file ONLY, never to stdout. Document the DECRYPT_OUTPUT_TO_FILE env var if needed. Alternatively, output a truncated/masked version.
High · Credential theft

Ethereum private keys printed to terminal stdout

The decrypt-wallet.js script directly outputs raw Ethereum private keys to console.log. Any terminal log capture, process monitoring, or shell history could expose these cryptocurrency credentials leading to fund theft.

decrypt-wallet.js:62
Never output private keys to stdout. Write them only to an encrypted file with secure permissions (0o600) and prompt the user to delete it immediately.
High · Credential theft

Default hardcoded password in pack.js

pack.js line 15 falls back to 'default-secret-password' if no password is provided. Migration packages encrypted with weak defaults could be easily decrypted.

pack.js:15
Require password input; exit with an error if none is provided. Never use weak defaults for cryptographic operations.
Medium · Sensitive access

Private keys stored in plaintext in birth-info.json

generate-birth-id.js stores raw private_key in the JSON file. While SKILL.md mentions encryption, raw keys can still be read from the file.

generate-birth-id.js:52
Encrypt private keys at rest immediately after generation. Use the existing encrypt() function from pack.js.
Low · Privilege escalation

execSync shell execution in unpack.js

Uses child_process.execSync to run tar extraction. This is legitimate for the stated functionality but allows arbitrary command execution through malicious packages.

unpack.js:19
Validate that the package path is within the expected directory. Consider using a safer extraction library.

Declared capabilities vs. actual capabilities

File system: Pass
Declared: READ
Inferred: READ
Accesses ~/.openclaw/birth-info.json as documented
Command execution: Block
Declared: NONE
Inferred: WRITE
unpack.js:19 uses execSync to run tar extraction
Network access: Pass
Declared: NONE
Inferred: NONE
No network calls detected

Suspicious artifacts and outbound connections

Medium · Wallet address
0xF80042413226cf4a5F1b7de458Cf0EEd19237662

README.md:86

Medium · External URL
https://docs.openclaw.ai

pack.js:272

Medium · External URL
https://clawhub.ai/user/vg555558

skill-card.md:7

Medium · External URL
https://clawhub.ai/vg555558/birth-system-manager

skill-card.md:27

Dependencies and supply chain

Package  | Version | Source       | Vulnerabilities | Notes
ethers   | *       | package.json | -               | Standard Ethereum library, version not pinned
archiver | *       | package.json | -               | Archive creation, version not pinned

File composition

11 files · 1775 lines
JavaScript: 7 files · 1488 lines
Markdown: 3 files · 282 lines
JSON: 1 file · 5 lines
Files needing attention · 6
pack.js  JavaScript · 395 lines
Default hardcoded password in pack.js · https://docs.openclaw.ai
README.md  Markdown · 144 lines
0xF80042413226cf4a5F1b7de458Cf0EEd19237662
generate-birth-id.js  JavaScript · 164 lines
Private keys stored in plaintext in birth-info.json
unpack.js  JavaScript · 125 lines
execSync shell execution in unpack.js
decrypt-wallet.js  JavaScript · 103 lines
SKILL.md claims private keys are never displayed, but code prints them to stdout · Ethereum private keys printed to terminal stdout
skill-card.md  Markdown · 42 lines
https://clawhub.ai/user/vg555558 · https://clawhub.ai/vg555558/birth-system-manager
Other files · fix-clone.js · clone-init.js · whoami.js · SKILL.md · _meta.json

Security highlights

No network exfiltration detected; all operations are local, as documented
Uses ethers.js library for Ethereum operations (standard, audited)
Includes signature verification to detect tampering
Family tree lineage tracking appears functionally sound
Archiver library used for tar creation (not manual shell concatenation)