Security Decision Report

feynman-fsrs-pro

Hardcoded database credentials exposed in SKILL.md and source code create significant credential theft risk; doc-to-code table name mismatch indicates shadow functionality.

Install decision: Priority · Source: manual upload · Scan time: 2026/4/4

Files: 14
IOCs: 15
Over-privilege items: 0
Findings: 5
Most direct threat evidence

High · Credential theft
Database credentials exposed in SKILL.md

SKILL.md contains plaintext database credentials: username 'openclaw_feiman', password '12345678', host '127.0.0.1'. This is a critical security violation, as documentation should never contain sensitive credentials.

Location: SKILL.md:17

Why this conclusion was reached

2 of 4 dimensions triggered

Pass · Declared vs. actual capability
Declared resources and inferred capabilities are broadly consistent.

Block · Hidden execution and outbound connections
1 high-risk IOC or outbound-connection signal extracted.

Block · Attack chain and high-risk findings
The report contains a 0-step attack chain and 3 additional high or critical findings.

Review · Dependency and supply-chain hygiene
1 dependency or supply-chain lead requires attention.

How the risk score was raised

Hardcoded credentials in SKILL.md +20

Database password '12345678', username, host, and table name exposed in documentation

Hardcoded credentials in source code +10

feynman_core.js:9 and database.js:7-11 contain identical hardcoded credentials

Doc-to-code table name mismatch +10

SKILL.md declares 'feynman_memory' but code inconsistently queries both 'feynman_cards' and 'feynman_memory'

IP address anomaly +5

feynman_core.js:9 shows '27.0.0.1' instead of '127.0.0.1', most likely a typo

Hardcoded filesystem path +3

Obsidian path points to specific user directory 'C:\Users\alex\iCloudDrive'

Key evidence

High · Credential theft
Database credentials exposed in SKILL.md

SKILL.md contains plaintext database credentials: username 'openclaw_feiman', password '12345678', host '127.0.0.1'. This is a critical security violation, as documentation should never contain sensitive credentials.

Location: SKILL.md:17
Remediation: Remove all credentials from SKILL.md. Use environment variables or a .env file for configuration.

High · Credential theft
Hardcoded credentials in feynman_core.js

feynman_core.js contains hardcoded database connection parameters with the weak password '12345678'.

Location: scripts/feynman_core.js:15
Remediation: Use environment variables: process.env.DB_PASSWORD, process.env.DB_HOST, etc.

High · Credential theft
Hardcoded credentials in database.js

database.js contains the same hardcoded database credentials as feynman_core.js.

Location: scripts/database.js:7
Remediation: Consolidate the database config into a single module that reads environment variables.

Medium · Documentation deception
Table name mismatch between documentation and code

SKILL.md declares the table name as 'feynman_memory', but feynman_core.js queries 'feynman_cards' while database.js queries 'feynman_memory'. schema.sql creates 'feynman_cards'. This inconsistency suggests shadow functionality or copy-paste errors.

Location: scripts/feynman_core.js:55
Remediation: Standardize the table name across all files. Update SKILL.md to reflect the actual table name used in the code.

Low · Sensitive access
Hardcoded Obsidian path references a specific user

OBSIDIAN_BASE path points to 'C:\Users\alex\iCloudDrive\iCloud~md~obsidian\new-note', exposing a specific user's directory structure.

Location: scripts/database.js:8
Remediation: Use an environment variable for the Obsidian path configuration.

Declared capability vs. actual capability

Dimension         | Status | Declared | Inferred | Evidence
File system       | Pass   | READ     | READ     | Reads .md files from Obsidian directory
Database          | Pass   | WRITE    | WRITE    | PostgreSQL connection with SELECT/INSERT/UPDATE queries
Network access    | Pass   | NONE     | READ     | Connects to local PostgreSQL at 127.0.0.1:5432 (documentation exposes '27.0.0.1')
Command execution | Pass   | NONE     | NONE     | No shell execution observed

Suspicious artifacts and outbound connections

High · IP address: 27.0.0.1 (scripts/feynman_core.js:9)
Medium · External URL: https://registry.npmmirror.com/pg/-/pg-8.20.0.tgz (scripts/package-lock.json:20)
Medium · External URL: https://registry.npmmirror.com/pg-cloudflare/-/pg-cloudflare-1.3.0.tgz (scripts/package-lock.json:47)
Medium · External URL: https://registry.npmmirror.com/pg-connection-string/-/pg-connection-string-2.12.0.tgz (scripts/package-lock.json:54)
Medium · External URL: https://registry.npmmirror.com/pg-int8/-/pg-int8-1.0.1.tgz (scripts/package-lock.json:60)
Medium · External URL: https://registry.npmmirror.com/pg-pool/-/pg-pool-3.13.0.tgz (scripts/package-lock.json:69)
Medium · External URL: https://registry.npmmirror.com/pg-protocol/-/pg-protocol-1.13.0.tgz (scripts/package-lock.json:78)
Medium · External URL: https://registry.npmmirror.com/pg-types/-/pg-types-2.2.0.tgz (scripts/package-lock.json:84)
Medium · External URL: https://registry.npmmirror.com/pgpass/-/pgpass-1.0.5.tgz (scripts/package-lock.json:100)
Medium · External URL: https://registry.npmmirror.com/postgres-array/-/postgres-array-2.0.0.tgz (scripts/package-lock.json:109)
Medium · External URL: https://registry.npmmirror.com/postgres-bytea/-/postgres-bytea-1.0.1.tgz (scripts/package-lock.json:118)
Medium · External URL: https://registry.npmmirror.com/postgres-date/-/postgres-date-1.0.7.tgz (scripts/package-lock.json:127)

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
pg      | ^8.11.3 | npm    | -               | PostgreSQL client library, version pinned

File composition

14 files · 2214 lines
JavaScript 9 files · 1231 lines · Markdown 2 files · 627 lines · JSON 2 files · 191 lines · SQL 1 file · 165 lines

Files requiring attention · 4
scripts/feynman_core.js JavaScript · 645 lines
Hardcoded credentials in feynman_core.js · Table name mismatch between documentation and code · 27.0.0.1
SKILL.md Markdown · 315 lines
Database credentials exposed in SKILL.md
scripts/database.js JavaScript · 351 lines
Hardcoded credentials in database.js · Hardcoded Obsidian path references a specific user
scripts/package-lock.json JSON · 165 lines
https://registry.npmmirror.com/pg/-/pg-8.20.0.tgz · https://registry.npmmirror.com/pg-cloudflare/-/pg-cloudflare-1.3.0.tgz · https://registry.npmmirror.com/pg-connection-string/-/pg-connection-string-2.12.0.tgz · https://registry.npmmirror.com/pg-int8/-/pg-int8-1.0.1.tgz · https://registry.npmmirror.com/pg-pool/-/pg-pool-3.13.0.tgz · https://registry.npmmirror.com/pg-protocol/-/pg-protocol-1.13.0.tgz · https://registry.npmmirror.com/pg-types/-/pg-types-2.2.0.tgz · https://registry.npmmirror.com/pgpass/-/pgpass-1.0.5.tgz · https://registry.npmmirror.com/postgres-array/-/postgres-array-2.0.0.tgz · https://registry.npmmirror.com/postgres-bytea/-/postgres-bytea-1.0.1.tgz · https://registry.npmmirror.com/postgres-date/-/postgres-date-1.0.7.tgz · https://registry.npmmirror.com/postgres-interval/-/postgres-interval-1.2.0.tgz · https://registry.npmmirror.com/split2/-/split2-4.2.0.tgz · https://registry.npmmirror.com/xtend/-/xtend-4.0.2.tgz
Other files · README.md · schema.sql · update-progress.js · cli.js · review-helper.js · index.js +2

Security highlights

No shell execution observed; the skill uses direct database queries only
No external network requests detected; only a local PostgreSQL connection
No obfuscation techniques (base64, eval) found in codebase
No credential exfiltration; the hardcoded credentials are only used locally
No reverse shell or C2 infrastructure indicators
No prompt injection payloads detected
Dependencies are minimal (pg library only) with pinned versions