扫描报告
5 /100
agent-link
智能体互联技能 - 支持不同电脑上的 OpenClaw 实例和 Agent 通过中转服务器进行安全可靠的通讯
This is a legitimate cross-device agent communication relay skill with no malicious behavior detected. All functionality is properly documented and uses standard WebSocket communication with HMAC-SHA256 message signing.
可以安装
This skill is safe to use. No security concerns identified.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Plain WebSocket connection default 敏感访问 | scripts/local-agent/agent_link.py:54 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | agent_link.py:188-195 - reads config JSON file via from_config() |
| 网络访问 | READ | WRITE | ✓ 一致 | agent_link.py:54-65 - WebSocket connection for sending/receiving messages |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found in codebase |
| 环境变量 | NONE | NONE | — | No os.environ access or sensitive variable reading found |
目录结构
6 文件 · 25.3 KB · 1019 行 Markdown 3f · 686L
Python 1f · 315L
JSON 2f · 18L
├─
▾
docs
│ └─
install-agent.md
Markdown
├─
▾
scripts
│ └─
▾
local-agent
│ ├─
agent_link.py
Python
│ └─
agent-link-config.example.json
JSON
├─
_meta.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
websockets | * | pip | 否 | No version pinned - consider pinning to specific version for reproducibility |
安全亮点
✓ HMAC-SHA256 message signing prevents message forgery
✓ No subprocess or shell execution - pure Python WebSocket client
✓ No credential harvesting or environment variable enumeration
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No base64 encoding or obfuscation detected
✓ All functionality is properly documented in SKILL.md
✓ Message relay server does not persist message content
✓ Clean, readable codebase with proper error handling