中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:18 小时前 重新扫描
20 /100
agent-communication
Agent cross-session communication solution using sessions_spawn for subagent session management
The skill is a legitimate inter-agent communication utility using OpenClaw's sessions_* APIs. The only shell execution (exec for openclaw CLI) is documented in SKILL.md's Session Protection section but not formally declared in the header capability section.
技能名称agent-communication
分析耗时42.9s
引擎pi
可以安装
Add shell:WRITE to the declared capabilities in SKILL.md header since exec is used. No removal needed.

安全发现 2 项

严重性 安全发现 位置
低危
shell:WRITE capability not declared in SKILL.md header 文档欺骗
The protectSession function in scripts/communicator.js uses exec() to run 'openclaw sessions cleanup' commands. This is documented in the 'Session Protection Mechanism' workflow section of SKILL.md, but the skill header declares no capabilities at all, leaving shell:WRITE usage completely undeclared in the formal capability section.
const result = await exec({ command: `openclaw sessions cleanup --active-key "${sessionKey}" --enforce` });
→ Add shell:WRITE to the SKILL.md header's declared capabilities section if exec is a supported tool.
 scripts/communicator.js:79
低危
skill_invoke capabilities not formally declared 文档欺骗
The skill heavily relies on sessions_list, sessions_spawn, and sessions_send (skill_invoke resources), which are described in the workflow documentation but never formally declared in the skill header.
--- name: agent-communication --- (no capability declaration follows)
→ Add skill_invoke:READ to the SKILL.md header if these are intended to be permitted tools.
 SKILL.md:1
资源类型声明权限推断权限状态证据
技能调用 NONE READ ✓ 一致 SKILL.md documents sessions_list/sessions_spawn/sessions_send usage but header h…
命令执行 NONE WRITE ✗ 越权 scripts/communicator.js:79 uses exec({command: 'openclaw sessions cleanup...'}),…

目录结构

2 文件 · 7.6 KB · 314 行
Markdown 1f · 196L JavaScript 1f · 118L
├─ 📁 scripts
│ └─ 📜 communicator.js JavaScript 118L · 2.8 KB
└─ 📝 SKILL.md Markdown 196L · 4.8 KB

安全亮点

✓ No credential harvesting or sensitive data access observed
✓ No network exfiltration, C2, or data theft behavior
✓ No base64 encoding, obfuscation, or anti-analysis techniques
✓ No curl|bash remote script execution
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ exec usage is scoped to a specific, documented CLI command (openclaw sessions cleanup)
✓ Code is readable and straightforward — no hidden functionality beyond what is documented