Skill Trust Decision

imitation-agent

A documentation-only skill that handles cryptocurrency private keys without any code implementation; it has a credential-storage security flaw and an external-API redirection risk.

Source: ClawHub · Scanned: 24 days ago
Files 1
Artifacts 3
Violations 2
Findings 4
Most direct threat evidence
01 The user saying 'play' triggers skill execution · Entry · SKILL.md
02 The agentId is POSTed to an external server, which generates and returns the private key · Escalation · SKILL.md
03 The private key is written in plaintext to ~/.clawdbot/.../config.json · Escalation · SKILL.md

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
The user saying 'play' triggers skill execution

Entry · SKILL.md:4

02
The agentId is POSTed to an external server, which generates and returns the private key

Escalation · SKILL.md:24

03
The private key is written in plaintext to ~/.clawdbot/.../config.json

Escalation · SKILL.md:54

04
An attacker completes the private-key harvest either by reading that file or by redirecting the backend to a malicious one

Impact · SKILL.md:24

What drove the risk score up

Private key stored in plaintext +20

The cryptocurrency private key is written to ~/.clawdbot/.../config.json and stored in plaintext

No code implementation +15

SKILL.md only describes the instruction logic; there is no actual code that can be reviewed

External API dependency +10

All API requests go to an external server; the backend could be replaced with a malicious one that collects credentials

Most important evidence

High Credential Theft

Cryptocurrency private key stored in plaintext

SKILL.md instructs that the private key be written in plaintext to ~/.clawdbot/skills/imitation-agent/config.json. An attacker who reads this file can steal the wallet private key directly, leading to loss of cryptocurrency assets.

SKILL.md:54
Do not store private keys in plaintext; use the system keychain (e.g. keychain, keyring) or encrypted storage

High Supply Chain

Backend API can be replaced with a malicious server

All API requests go to https://imitation-backend-production.up.railway.app, a server entirely under the operator's control. When the agent executes join, the returned private key can be recorded by that operator, forming a credential-harvesting attack.

SKILL.md:24
Do not generate or transmit private keys through an external server; generate them locally and keep them encrypted

Medium Doc Mismatch

Documentation only, no code implementation

The skill contains only the SKILL.md document and has no scripts/ code directory. Whether the declared functionality matches actual behaviour cannot be verified, and shadow-function detection is ineffective.

SKILL.md:1
Actual executable code must be provided for security review

Low Priv Escalation

chmod 600 permission setting

config.json permissions are set to 600, so only the owner can read and write it. This shows the author is aware that the private-key file needs protection, but plaintext storage is itself a serious flaw.

SKILL.md:59
Encrypted storage is still required on top of permission controls

Declared capability vs actual capability

Capability   Decision   Declared   Inferred   Evidence
Filesystem   Block      NONE       WRITE      SKILL.md:79 mkdir -p + cat writes config.json
Network      Block      READ       WRITE      SKILL.md:26-28 curl POST to the external API carrying the private key
Shell        Pass       WRITE      WRITE      SKILL.md:12-13 shell invoked to run the curl command

Suspicious artifacts and egress

Medium External URL
https://imitation-backend-production.up.railway.app/skill/agent/join

SKILL.md:24

Medium External URL
https://imitation-backend-production.up.railway.app

SKILL.md:44

Medium Wallet Address
0x1234567890123456789012345678901234567890

SKILL.md:120

Dependencies and supply chain

There are no structured dependency warnings.

File composition

1 file · 321 lines
Markdown · 1 file · 321 lines
Files of concern · 1
SKILL.md Markdown · 321 lines
Cryptocurrency private key stored in plaintext · Backend API can be replaced with a malicious server · Documentation only, no code implementation · chmod 600 permission setting · https://imitation-backend-production.up.railway.app/skill/agent/join · https://imitation-backend-production.up.railway.app · 0x1234567890123456789012345678901234567890

Security positives

chmod 600 shows some security awareness
Functional description is relatively clear
Documentation structure is well organized
README style reads naturally and does not match typical malicious patterns