中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:2 天前 重新扫描
20 /100
amber-hunter
Universal AI memory backend for Huper琥珀 — local E2E encrypted memory capture and recall with optional cloud sync
A legitimate, well-documented local AI memory backend with strong E2E encryption. Minor documented fallbacks for headless Linux do not constitute hidden malicious behavior.
技能名称amber-hunter
分析耗时87.9s
引擎pi
可以安装
Consider pinning dependency versions in requirements.txt. For headless Linux, warn users about the config.json plaintext fallback for master_password. Otherwise safe to use.

安全发现 5 项

严重性 安全发现 位置
中危
Unpinned Python dependencies
All packages in requirements.txt use >= version specifiers without upper bounds. This allows dependency confusion attacks and supply chain injection via package updates.
sentence-transformers>=2.2.0
numpy>=1.24.0
→ Pin exact versions: sentence-transformers==2.7.0, numpy==1.26.4, etc.
 requirements.txt:1
低危
Linux headless stores master_password in plaintext
On headless Linux (VPS), master_password falls back to config.json in plaintext. While documented, this means the encryption key is stored unencrypted on disk.
_linux_config_set(account, password)
→ Warn users explicitly at install time; consider requiring user acknowledgment
 core/keychain.py:164
低危
master_password also written to config.json as fallback on all platforms
set_master_password_handler writes master_password to config.json even when OS keychain succeeds on macOS/Windows. The Keychain is primary but config.json serves as an unnecessary backup copy.
cfg['master_password'] = password_in.password
→ Only write to config.json when OS keychain fails, not as a parallel backup
 amber_hunter.py:2063
提示
Reads API keys from OpenClaw config
core/llm.py auto-detects LLM API keys from ~/.openclaw/openclaw.json. This reads third-party credentials to auto-configure providers.
providers = openclaw_config.get('models', {}).get('providers', {})
→ This is documented and intentional — the skill needs LLM keys to power its AI features
 core/llm.py:524
提示
Session file access for proactive capture
core/session.py and proactive scripts read OpenClaw/Claude session .jsonl files to build conversation context. This is declared in SKILL.md as the core proactive capture feature.
read_session_messages() reads .jsonl session files
→ No action needed — this is the stated purpose of the skill
 core/session.py:60
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md allowed-tools maps Read→filesystem:READ; code reads ~/.amber-hunter/, ~…
命令执行 WRITE WRITE ✓ 一致 install.sh/freeze.sh are shell scripts; LLM providers use subprocess.run with cu…
网络访问 READ READ ✓ 一致 SKILL.md declares huper.org cloud sync; core/llm.py makes API calls to minimaxi.…
数据库 READ WRITE ✓ 一致 SKILL.md: Memory write via /ingest is a core capability; code writes to SQLite a…
环境变量 NONE READ ✓ 一致 core/llm.py:361 reads MINIMAX_API_KEY env var; core/keychain.py:115 reads AMBER_…
8 项发现
🔗
中危 外部 URL 外部 URL
https://huper.org
CHANGELOG.md:275
🔗
中危 外部 URL 外部 URL
https://huper.org/dashboard
README.md:33
🔗
中危 外部 URL 外部 URL
https://huper.org/api
README.md:43
🔗
中危 外部 URL 外部 URL
https://huper.org/api/ingest
SKILL.md:68
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:18998
amber_hunter.py:619
🔗
中危 外部 URL 外部 URL
https://api.minimaxi.com/anthropic/v1/messages
core/llm.py:130
🔗
中危 外部 URL 外部 URL
https://api.groq.com/openai/v1/chat/completions
core/llm.py:624
🔗
中危 外部 URL 外部 URL
https://api.minimaxi.com/anthropic
core/llm.py:692

目录结构

29 文件 · 240.0 KB · 6548 行
Python 14f · 4387L Markdown 7f · 1057L JavaScript 3f · 606L Shell 3f · 325L TypeScript 1f · 161L Text 1f · 12L
├─ 📁 core
│ ├─ 🐍 __init__.py Python 5L · 312 B
│ ├─ 🐍 crypto.py Python 60L · 1.7 KB
│ ├─ 🐍 db.py Python 404L · 13.5 KB
│ ├─ 🐍 keychain.py Python 284L · 9.3 KB
│ ├─ 🐍 llm.py Python 735L · 23.7 KB
│ ├─ 🐍 models.py Python 46L · 1009 B
│ └─ 🐍 session.py Python 450L · 16.4 KB
├─ 📁 proactive
│ ├─ 📁 hooks
│ │ └─ 📁 openclaw
│ │ ├─ 📜 handler.js JavaScript 152L · 5.0 KB
│ │ ├─ 📜 handler.ts TypeScript 161L · 5.6 KB
│ │ └─ 📝 HOOK.md Markdown 39L · 1.2 KB
│ ├─ 📁 scripts
│ │ └─ 📜 proactive-check.js JavaScript 284L · 10.0 KB
│ ├─ 📜 proactive-check.js JavaScript 170L · 6.1 KB
│ └─ 📝 README.md Markdown 88L · 2.1 KB
├─ 📁 tests
│ ├─ 📁 test_api
│ │ ├─ 🐍 __init__.py Python 0 B
│ │ ├─ 🐍 test_recall.py Python 104L · 3.8 KB
│ │ └─ 🐍 test_status.py Python 34L · 1.0 KB
│ ├─ 🐍 __init__.py Python 0 B
│ ├─ 🐍 conftest.py Python 46L · 1.1 KB
│ └─ 🐍 test_crypto.py Python 50L · 1.7 KB
├─ 🐍 amber_hunter.py Python 2169L · 84.4 KB
├─ 📝 CHANGELOG.md Markdown 287L · 16.0 KB
├─ 📝 CLAUDE.md Markdown 28L · 1.0 KB
├─ 🔧 freeze.sh Shell 59L · 1.7 KB
├─ 🔧 install.sh Shell 188L · 7.5 KB
├─ 📝 README.md Markdown 261L · 8.8 KB
├─ 📝 RELEASE_CHECKLIST.md Markdown 46L · 1.5 KB
├─ 🔧 release.sh Shell 78L · 2.9 KB
├─ 📄 requirements.txt Text 12L · 202 B
└─ 📝 SKILL.md Markdown 308L · 12.3 KB

依赖分析 8 项

包名版本来源已知漏洞备注
fastapi 0.115.0 pip Lower bound only, no upper cap
uvicorn 0.30.0 pip Lower bound only
pydantic 2.9.0 pip Lower bound only
cryptography 43.0.0 pip Lower bound only
httpx 0.27.0 pip Lower bound only
sentence-transformers >=2.2.0 pip Version not pinned, ~90MB ML model download at install time
numpy >=1.24.0 pip Version not pinned
pytest >=8.0.0 pip Test only, not shipped

安全亮点

✓ E2E AES-256-GCM encryption with PBKDF2-HMAC-SHA256 key derivation (100k iterations)
✓ master_password stored in OS Keychain (macOS security, Linux secret-tool, Windows cmdkey)
✓ Local service restricted to localhost:18998 — no remote exposure
✓ Cloud sync payload is E2E encrypted before upload; huper.org never sees plaintext
✓ No base64/eval obfuscation or dynamic code execution patterns
✓ No reverse shell, C2 infrastructure, or data exfiltration to unexpected hosts
✓ All external network IOCs map to declared API endpoints (huper.org, LLM providers)
✓ Review queue requires user approval before memories become permanent
✓ SKILL.md is comprehensive and accurately describes capabilities
✓ Comprehensive CORS restrictions to declared origins only