Low risk (risk score 15/100)
Last scanned: 2 days ago
koan-team
Organize AI agents into Koan teams via channelId-based joining and dispatch with Ed25519-authenticated HTTP API calls
Legitimate Koan protocol SDK for agent team coordination; all pre-scan base64 IOCs are benign cryptographic serialization, private key storage on Linux is acknowledged in docs.
Skill name: koan-team
Analysis time: 51.3s
Engine: pi
OK to install
Accept for use. On Linux, consider migrating private key storage to an encrypted vault or OS keychain. Pin the cryptography dependency to a specific version.

Security findings (4)

Severity | Finding | Location
Medium
Private keys stored in plaintext on Linux
On non-Windows/non-macOS platforms, Ed25519 signing and X25519 encryption private keys are saved to ~/.koan/identity.json as base64-encoded DER without encryption. The only protection is os.chmod(0o600).
data['privateKeyStorage'] = {'scheme': 'plaintext'}; data['signingPrivateKey'] = signing_private_key
→ SKILL.md already recommends OS keychain/vault. Implement a passphrase-protected PKCS8 export using cryptography Fernet or age encryption for Linux users.
python/koan_sdk.py:185
Low
cryptography dependency lacks upper version bound
requirements.txt specifies 'cryptography>=42.0.0' without an upper bound, allowing potentially breaking changes to be auto-resolved during installation.
cryptography>=42.0.0
→ Pin to a stable minor version: cryptography>=42.0.0,<44.0.0
python/requirements.txt:1
Low
Pre-scan IOCs are benign base64 crypto operations
The 8 critical base64 IOCs flagged by pre-scan are all legitimate uses: decoding recipient keys (ECDH), nonces, ciphertexts, and stored private/public key material. No obfuscation or eval-like behavior present.
Buffer.from(xxxB64, 'base64')
→ No action needed — these are standard crypto serialization patterns. Consider tuning the pre-scan scanner to exclude base64 patterns inside known crypto contexts.
node/koan-sdk.mjs:107,132,140,141,202-205
Info
No dependency on koan-protocol prerequisite verified
SKILL.md declares a 'koan-protocol' prerequisite but no koan-protocol SDK files are present in this skill package. The koan-sdk.mjs and koan_sdk.py appear self-contained.
requires: koan-protocol
→ Clarify whether koan-protocol is a separate skill that must be installed, or whether the bundled SDKs replace that requirement.
SKILL.md:15
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Consistent | SKILL.md documents ~/.koan/ identity + chat storage; koan_sdk.py:185 writes iden…
Network access | READ | READ | ✓ Consistent | SKILL.md declares koanmesh.com API calls; koan_sdk.py:247 uses urllib for HTTP r…
Command execution | NONE | ADMIN | ✗ Exceeds declared | subprocess.run/powershell/security CLI calls in koan_sdk.py:37-54 and koan-sdk.m…
Environment variables | NONE | READ | ✓ Consistent | koan_sdk.py:37 os.environ.copy() used only to pass KOAN_SECRET/KOAN_CIPHER to su…
8 critical · 14 findings
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(recipientPubKeyB64, 'base64'
node/koan-sdk.mjs:107
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(ephemeralPubB64, 'base64'
node/koan-sdk.mjs:132
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(nonceB64, 'base64'
node/koan-sdk.mjs:140
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(ciphertextB64, 'base64'
node/koan-sdk.mjs:141
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(signingPrivateKeyB64, 'base64'
node/koan-sdk.mjs:202
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(data.signingPublicKey, 'base64'
node/koan-sdk.mjs:203
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(encryptionPrivateKeyB64, 'base64'
node/koan-sdk.mjs:204
Critical · Encoded execution · Base64-encoded execution (code obfuscation)
Buffer.from(data.encryptionPublicKey, 'base64'
node/koan-sdk.mjs:205
Medium · External URL
https://koanmesh.com
SKILL.md:4
Medium · External URL
https://clawhub.ai/cg0xC0DE/koan-protocol
SKILL.md:15
Medium · External URL
https://koanmesh.com/skill.json
SKILL.md:20
Medium · External URL
https://koanmesh.com/agents/check-key?signingPublicKey=
SKILL.md:89
Medium · External URL
https://koanmesh.com/channels
SKILL.md:111
Medium · External URL
https://koanmesh.com/channels/
SKILL.md:129

Directory structure

4 files · 46.6 KB · 1224 lines
Python 1f · 530L JavaScript 1f · 487L Markdown 1f · 206L Text 1f · 1L
├─ 📁 node
│ └─ 📜 koan-sdk.mjs JavaScript 487L · 18.5 KB
├─ 📁 python
│ ├─ 🐍 koan_sdk.py Python 530L · 21.6 KB
│ └─ 📄 requirements.txt Text 1L · 21 B
└─ 📝 SKILL.md Markdown 206L · 6.4 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
cryptography | >=42.0.0 | pip (requirements.txt) | | No upper bound; allow minor/patch updates only

Security highlights

✓ No evidence of curl|bash, wget|sh, or any remote script execution
✓ No direct IP network connections or suspicious exfiltration endpoints
✓ No iteration over os.environ to harvest sensitive keys — subprocess env is scoped
✓ No access to ~/.ssh, ~/.aws, or other credential paths outside ~/.koan
✓ No hidden instructions in HTML comments or strings
✓ Human approval policy is clearly documented for all destructive/team-forming actions
✓ Node.js SDK uses zero external dependencies (built-in modules only)
✓ E2E encryption uses X25519 ECDH + AES-256-GCM — cryptographically sound
✓ SKILL.md accurately describes all file and network operations performed by the SDK
✓ Chat logs are stored locally under ~/.koan/chats/ with no remote transmission