中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:1 天前 重新扫描
20 /100
ctct-security-patrol
OpenClaw多模式安全巡检工具:默认本地离线扫描,可选联网威胁情报上报
Legitimate security audit tool with transparent behavior; all sensitive operations (network exfiltration, credential access, shell execution) are clearly documented with appropriate consent mechanisms.
技能名称ctct-security-patrol
分析耗时57.2s
引擎pi
可以安装
Safe to use. Ensure users read SKILL.md carefully before choosing --push mode to understand the data that will be sent to auth.ctct.cn.

安全发现 3 项

严重性 安全发现 位置
低危
/etc/shadow access for baseline generation 敏感访问
The generateConfigBaseline() function hashes /etc/shadow to establish an integrity baseline. While this is legitimate for security monitoring, /etc/shadow is the most sensitive file on Unix systems containing password hashes.
path.join(HOME, '.ssh/authorized_keys'), path.join(HOME, '.ssh/config'), '/etc/passwd', '/etc/shadow'
→ Consider documenting this clearly in user-facing output. The hash-only approach (no exfiltration of /etc/shadow content) mitigates risk.
 scripts/openclaw-hybrid-audit-changeway.js:278
低危
X-SIGN provides no cryptographic device authentication 数据外泄
The SHA-256 signature (X-SIGN header) is computed as SHA-256(mac + hostname + timestamp + nonce) without a pre-shared key. While documented as 'not device identity verification', the presence of a signature header may mislead users about the security of data transmission.
const signContent = mac + "\n" + hostname + "\n" + timestamp + "\n" + nonce; const sign = crypto.createHash("sha256").update(signContent, 'utf8').digest("hex");
→ Clearly label the X-SIGN header as an anti-replay token rather than a signature, or add a pre-shared key for true authentication.
 scripts/openclaw-hybrid-audit-changeway.js:1123
低危
Extensive documentation may obscure key privacy implications 文档欺骗
SKILL.md is 372 lines with detailed multi-step workflows. While all behaviors are technically declared, the volume may cause users to skip privacy disclosures (particularly the agent_id persistence and skill list fingerprinting risks).
The document covers first-run prompts, mode selection, cron setup, report interpretation, and multiple reference files
→ Add a concise 5-line 'TL;DR privacy summary' at the top of SKILL.md for users who skip detailed reading.
 SKILL.md:1
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 Reads config files, logs, SKILL directories throughout
文件系统 WRITE WRITE ✓ 一致 Writes reports to ~/.openclaw/ at lines 83-84, 92-93
网络访问 READ READ ✓ 一致 Only accesses auth.ctct.cn:10020 in --push mode with user consent (line 32-33 SK…
命令执行 WRITE WRITE ✓ 一致 Uses spawnSync with hardcoded command whitelist; shell:false on Unix/Linux (line…
环境变量 READ READ ✓ 一致 Reads gateway process /proc/<pid>/environ for sensitive variable names only (lin…
技能调用 READ READ ✓ 一致 Invokes openclaw CLI commands for audit/cron (lines 218, 458)
凭证访问 READ (baseline only) READ ✓ 一致 Hashes /etc/shadow, ~/.ssh/* only for baseline comparison (lines 267-285), value…
2 项发现
🔗
中危 外部 URL 外部 URL
https://auth.ctct.cn:10020/changeway-open/api/pushAuditData
SKILL.md:32
🔗
中危 外部 URL 外部 URL
https://auth.ctct.cn:10020/changeway-open/api/skills/assessment
SKILL.md:33

目录结构

3 文件 · 86.8 KB · 1973 行
JavaScript 1f · 1447L Markdown 2f · 526L
├─ 📁 references
│ └─ 📝 cron-setup.md Markdown 154L · 5.2 KB
├─ 📁 scripts
│ └─ 📜 openclaw-hybrid-audit-changeway.js JavaScript 1447L · 61.6 KB
└─ 📝 SKILL.md Markdown 372L · 20.0 KB

安全亮点

✓ All network requests are gated behind explicit --push flag AND user consent step with specific acknowledgment requirement
✓ Command execution uses hardcoded whitelist with shell:false on Unix/Linux, eliminating injection risk
✓ Data exfiltration in --push mode excludes 'detail' field (full command output) - only 'brief' summaries are uploaded
✓ agent_id persistence and --push mode correctly restricted from cron jobs (documented and enforced)
✓ Script includes integrity hash (@integrity sha256) for tamper verification
✓ No obfuscation, no base64-encoded payloads, no direct IP connections, no credential harvesting
✓ Read operations on sensitive files (~/.ssh, /etc/shadow) are hash-only for baseline comparison, not content exfiltration
✓ Strong input validation: buildSafeChildPath and buildSafeRelativePath prevent path traversal