Low Risk — Risk Score 15/100
Last scan: 2 days ago
koan-team
Organize AI agents into Koan teams via channelId-based joining and dispatch with Ed25519-authenticated HTTP API calls
Legitimate Koan protocol SDK for agent team coordination; all pre-scan base64 IOCs are benign cryptographic serialization, private key storage on Linux is acknowledged in docs.
Skill Name: koan-team
Duration: 51.3s
Engine: pi
Safe to install
Accept for use. On Linux, consider migrating private key storage to an encrypted vault or OS keychain. Pin the cryptography dependency to a specific version.

Findings 4 items

Severity Finding Location
Medium
Private keys stored in plaintext on Linux
On non-Windows/non-macOS platforms, Ed25519 signing and X25519 encryption private keys are saved to ~/.koan/identity.json as base64-encoded DER without encryption. The only protection is os.chmod(0o600).
data['privateKeyStorage'] = {'scheme': 'plaintext'}; data['signingPrivateKey'] = signing_private_key
→ SKILL.md already recommends OS keychain/vault. Implement a passphrase-protected PKCS8 export using cryptography Fernet or age encryption for Linux users.
python/koan_sdk.py:185
Low
cryptography dependency lacks upper version bound
requirements.txt specifies 'cryptography>=42.0.0' without an upper bound, allowing potentially breaking changes to be auto-resolved during installation.
cryptography>=42.0.0
→ Pin to a stable minor version: cryptography>=42.0.0,<44.0.0
python/requirements.txt:1
Low
Pre-scan IOCs are benign base64 crypto operations
The 8 critical base64 IOCs flagged by pre-scan are all legitimate uses: decoding recipient keys (ECDH), nonces, ciphertexts, and stored private/public key material. No obfuscation or eval-like behavior present.
Buffer.from(xxxB64, 'base64')
→ No action needed — these are standard crypto serialization patterns. Consider tuning the pre-scan scanner to exclude base64 patterns inside known crypto contexts.
node/koan-sdk.mjs:107,132,140,141,202-205
Info
No dependency on koan-protocol prerequisite verified
SKILL.md declares a 'koan-protocol' prerequisite but no koan-protocol SDK files are present in this skill package. The koan-sdk.mjs and koan_sdk.py appear self-contained.
requires: koan-protocol
→ Clarify whether koan-protocol is a separate skill that must be installed, or whether the bundled SDKs replace that requirement.
SKILL.md:15
Resource Declared Inferred Status Evidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md documents ~/.koan/ identity + chat storage; koan_sdk.py:185 writes iden…
Network READ READ ✓ Aligned SKILL.md declares koanmesh.com API calls; koan_sdk.py:247 uses urllib for HTTP r…
Shell NONE ADMIN ✗ Violation subprocess.run/powershell/security CLI calls in koan_sdk.py:37-54 and koan-sdk.m…
Environment NONE READ ✓ Aligned koan_sdk.py:37 os.environ.copy() used only to pass KOAN_SECRET/KOAN_CIPHER to su…
8 Critical 14 findings
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(recipientPubKeyB64, 'base64'
node/koan-sdk.mjs:107
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(ephemeralPubB64, 'base64'
node/koan-sdk.mjs:132
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(nonceB64, 'base64'
node/koan-sdk.mjs:140
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(ciphertextB64, 'base64'
node/koan-sdk.mjs:141
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(signingPrivateKeyB64, 'base64'
node/koan-sdk.mjs:202
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(data.signingPublicKey, 'base64'
node/koan-sdk.mjs:203
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(encryptionPrivateKeyB64, 'base64'
node/koan-sdk.mjs:204
Critical Encoded Execution: Base64-encoded execution (code obfuscation)
Buffer.from(data.encryptionPublicKey, 'base64'
node/koan-sdk.mjs:205
Medium External URL
https://koanmesh.com
SKILL.md:4
Medium External URL
https://clawhub.ai/cg0xC0DE/koan-protocol
SKILL.md:15
Medium External URL
https://koanmesh.com/skill.json
SKILL.md:20
Medium External URL
https://koanmesh.com/agents/check-key?signingPublicKey=
SKILL.md:89
Medium External URL
https://koanmesh.com/channels
SKILL.md:111
Medium External URL
https://koanmesh.com/channels/
SKILL.md:129

File Tree

4 files · 46.6 KB · 1224 lines
Python 1f · 530L JavaScript 1f · 487L Markdown 1f · 206L Text 1f · 1L
├─ 📁 node
│ └─ 📜 koan-sdk.mjs JavaScript 487L · 18.5 KB
├─ 📁 python
│ ├─ 🐍 koan_sdk.py Python 530L · 21.6 KB
│ └─ 📄 requirements.txt Text 1L · 21 B
└─ 📝 SKILL.md Markdown 206L · 6.4 KB

Dependencies 1 item

Package Version Source Known Vulns Notes
cryptography >=42.0.0 pip (requirements.txt) No No upper bound — allow minor/patch updates only

Security Positives

✓ No evidence of curl|bash, wget|sh, or any remote script execution
✓ No direct IP network connections or suspicious exfiltration endpoints
✓ No iteration over os.environ to harvest sensitive keys — subprocess env is scoped
✓ No access to ~/.ssh, ~/.aws, or other credential paths outside ~/.koan
✓ No hidden instructions in HTML comments or strings
✓ Human approval policy is clearly documented for all destructive/team-forming actions
✓ Node.js SDK uses zero external dependencies (built-in modules only)
✓ E2E encryption uses X25519 ECDH + AES-256-GCM — cryptographically sound
✓ SKILL.md accurately describes all file and network operations performed by the SDK
✓ Chat logs are stored locally under ~/.koan/chats/ with no remote transmission