Low Risk — Risk Score 20/100
Last scan: 1 day ago
ctct-security-patrol
OpenClaw multi-mode security patrol tool: local offline scanning by default, with optional online threat-intelligence reporting
Legitimate security audit tool with transparent behavior; all sensitive operations (network exfiltration, credential access, shell execution) are clearly documented with appropriate consent mechanisms.
Skill Name: ctct-security-patrol
Duration: 57.2s
Engine: pi
Safe to install
Safe to use. Ensure users read SKILL.md carefully before choosing --push mode to understand the data that will be sent to auth.ctct.cn.

Findings 3 items

1. [Low] /etc/shadow access for baseline generation (Sensitive Access)
   The generateConfigBaseline() function hashes /etc/shadow to establish an integrity baseline. While this is legitimate for security monitoring, /etc/shadow is the most sensitive file on Unix systems containing password hashes.
   Evidence:
     path.join(HOME, '.ssh/authorized_keys'), path.join(HOME, '.ssh/config'), '/etc/passwd', '/etc/shadow'
   Recommendation: Consider documenting this clearly in user-facing output. The hash-only approach (no exfiltration of /etc/shadow content) mitigates risk.
   Location: scripts/openclaw-hybrid-audit-changeway.js:278

2. [Low] X-SIGN provides no cryptographic device authentication (Data Exfil)
   The SHA-256 signature (X-SIGN header) is computed as SHA-256(mac + hostname + timestamp + nonce) without a pre-shared key. While documented as 'not device identity verification', the presence of a signature header may mislead users about the security of data transmission.
   Evidence:
     const signContent = mac + "\n" + hostname + "\n" + timestamp + "\n" + nonce;
     const sign = crypto.createHash("sha256").update(signContent, 'utf8').digest("hex");
   Recommendation: Clearly label the X-SIGN header as an anti-replay token rather than a signature, or add a pre-shared key for true authentication.
   Location: scripts/openclaw-hybrid-audit-changeway.js:1123

3. [Low] Extensive documentation may obscure key privacy implications (Doc Mismatch)
   SKILL.md is 372 lines with detailed multi-step workflows. While all behaviors are technically declared, the volume may cause users to skip privacy disclosures (particularly the agent_id persistence and skill list fingerprinting risks).
   Evidence: The document covers first-run prompts, mode selection, cron setup, report interpretation, and multiple reference files
   Recommendation: Add a concise 5-line 'TL;DR privacy summary' at the top of SKILL.md for users who skip detailed reading.
   Location: SKILL.md:1

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Reads config files, logs, SKILL directories throughout |
| Filesystem | WRITE | WRITE | ✓ Aligned | Writes reports to ~/.openclaw/ at lines 83-84, 92-93 |
| Network | READ | READ | ✓ Aligned | Only accesses auth.ctct.cn:10020 in --push mode with user consent (line 32-33 SK… |
| Shell | WRITE | WRITE | ✓ Aligned | Uses spawnSync with hardcoded command whitelist; shell:false on Unix/Linux (line… |
| Environment | READ | READ | ✓ Aligned | Reads gateway process /proc/<pid>/environ for sensitive variable names only (lin… |
| Skill Invoke | READ | READ | ✓ Aligned | Invokes openclaw CLI commands for audit/cron (lines 218, 458) |
| credential_theft | READ (baseline only) | READ | ✓ Aligned | Hashes /etc/shadow, ~/.ssh/* only for baseline comparison (lines 267-285), value… |

2 findings
[Medium] External URL: https://auth.ctct.cn:10020/changeway-open/api/pushAuditData (SKILL.md:32)
[Medium] External URL: https://auth.ctct.cn:10020/changeway-open/api/skills/assessment (SKILL.md:33)

File Tree

3 files · 86.8 KB · 1973 lines
JavaScript 1f · 1447L Markdown 2f · 526L
├─ 📁 references
│ └─ 📝 cron-setup.md Markdown 154L · 5.2 KB
├─ 📁 scripts
│ └─ 📜 openclaw-hybrid-audit-changeway.js JavaScript 1447L · 61.6 KB
└─ 📝 SKILL.md Markdown 372L · 20.0 KB

Security Positives

✓ All network requests are gated behind explicit --push flag AND user consent step with specific acknowledgment requirement
✓ Command execution uses hardcoded whitelist with shell:false on Unix/Linux, eliminating injection risk
✓ Data exfiltration in --push mode excludes 'detail' field (full command output) - only 'brief' summaries are uploaded
✓ agent_id persistence and --push mode correctly restricted from cron jobs (documented and enforced)
✓ Script includes integrity hash (@integrity sha256) for tamper verification
✓ No obfuscation, no base64-encoded payloads, no direct IP connections, no credential harvesting
✓ Read operations on sensitive files (~/.ssh, /etc/shadow) are hash-only for baseline comparison, not content exfiltration
✓ Strong input validation: buildSafeChildPath and buildSafeRelativePath prevent path traversal