Suspicious — Risk Score 45/100
Last scan: 2 days ago
token-watchdog
OpenClaw session cost monitor — alerts via Telegram when agent spend exceeds budget
Undeclared shell execution via execSync found in code not mentioned in SKILL.md documentation. The skill claims to 'read .jsonl files directly' but actually executes openclaw CLI commands for alerts and agent control.
Skill Name: token-watchdog
Duration: 60.9s
Engine: pi
Use with caution
Request maintainer to document execSync usage for shell commands. Verify openclaw CLI tool integrity. Consider using HTTP API instead of CLI for Telegram messaging.

Findings (5 items)

Severity: High
Finding: Undeclared Shell Execution via execSync
The code uses execSync() from the child_process module to execute 'openclaw message send' and 'openclaw agent' commands. SKILL.md only mentions reading .jsonl files directly and does not disclose that shell commands are executed.
Evidence: execSync(`openclaw message send --channel telegram --target ${CONFIG.telegramTarget} -m ${shellEscape(message)}`, { encoding: 'utf8', timeout: 15_000 })
→ Document execSync usage in SKILL.md. Consider using the openclaw SDK/API, if available, instead of CLI subprocess execution.
Location: token-watchdog.mjs:44

Severity: High
Finding: Agent Control Function Not Declared
The pauseAgent() function can send messages that control the OpenClaw agent. This capability to control agent behavior is not mentioned in the documentation.
Evidence: execSync(`openclaw agent -m ${shellEscape('...')} --timeout 30`, { encoding: 'utf8', timeout: 35_000 })
→ Clearly document that this tool can pause/resume the agent and which commands it sends.
Location: token-watchdog.mjs:56

Severity: Medium
Finding: Remote Script Download Without Integrity Check
SKILL.md instructs users to download the script via curl from a GitHub Pages URL without recommending signature verification or checksum validation.
Evidence: curl -sL https://ddaekeu3-cyber.github.io/synapse-ai/tools/token-watchdog/token-watchdog.mjs -o ~/.openclaw/workspace/token-watchdog.mjs
→ Add instructions for verifying script integrity (e.g., provide a SHA256 hash or use signed releases).
Location: SKILL.md:29

Severity: Medium
Finding: Undeclared File Write Operations
The code writes to ~/.openclaw/workspace/memory/token-watchdog.log and token-watchdog-state.json. SKILL.md only mentions reading session files.
Evidence: writeSync(fd, line); // to token-watchdog.log
→ Document log and state file persistence in SKILL.md.
Location: token-watchdog.mjs:83

Severity: Low
Finding: Hardcoded Telegram Target ID
The Telegram target '8616468733' is hardcoded in CONFIG. While this may be expected for a personal tool, it limits flexibility and may not match the user's configuration.
Evidence: telegramTarget: '8616468733'
→ Allow the Telegram target to be configured via an environment variable or CLI argument.
Location: token-watchdog.mjs:17
Resource     Declared   Inferred     Status        Evidence
Filesystem   READ       READ,WRITE   ✓ Aligned     token-watchdog.mjs: writeFileSync to ~/.openclaw/workspace/memory/
Shell        NONE       WRITE        ✗ Violation   token-watchdog.mjs:44 execSync for openclaw CLI commands
Network      READ       READ         ✓ Aligned     Reads session files, sends via openclaw CLI
External URLs (2 findings)

Medium   External URL   https://ddaekeu3-cyber.github.io/synapse-ai/tools/token-watchdog/token-watchdog.mjs   SKILL.md:29
Medium   External URL   https://ddaekeu3-cyber.github.io/synapse-ai/   SKILL.md:82

File Tree

3 files · 14.6 KB · 420 lines
JavaScript 1f · 328L Markdown 1f · 82L JSON 1f · 10L
├─ 📋 package.json JSON 10L · 440 B
├─ 📝 SKILL.md Markdown 82L · 2.3 KB
└─ 🔑 token-watchdog.mjs JavaScript 328L · 11.8 KB

Dependencies (2 items)

Package             Version   Source     Known Vulns   Notes
Node.js built-ins   N/A       builtin    No            Uses only child_process and fs modules
openclaw CLI        unknown   external   No            CLI tool invoked via execSync; security depends on openclaw tool integrity

Security Positives

✓ Core functionality (session cost monitoring) appears legitimate and useful
✓ shellEscape() function provides basic protection against command injection
✓ Uses fs sync operations instead of eval() or dynamic code execution
✓ Session file reading is byte-offset based (incremental reads) - efficient approach
✓ State persistence prevents duplicate alerts on restarts