Suspicious: risk score 45/100
Last scan: 2 days ago
token-watchdog
OpenClaw session cost monitor — alerts via Telegram when agent spend exceeds budget
Undeclared shell execution via execSync found in code not mentioned in SKILL.md documentation. The skill claims to 'read .jsonl files directly' but actually executes openclaw CLI commands for alerts and agent control.
Skill name: token-watchdog
Analysis time: 60.9s
Engine: pi
Verdict: use with caution
Request maintainer to document execSync usage for shell commands. Verify openclaw CLI tool integrity. Consider using HTTP API instead of CLI for Telegram messaging.

Security findings (5)

Severity · Finding · Location
High
Undeclared Shell Execution via execSync
The code uses execSync() from child_process module to execute 'openclaw message send' and 'openclaw agent' commands. SKILL.md only mentions reading .jsonl files directly and does not disclose that shell commands are executed.
execSync(`openclaw message send --channel telegram --target ${CONFIG.telegramTarget} -m ${shellEscape(message)}`, { encoding: 'utf8', timeout: 15_000 })
→ Document execSync usage in SKILL.md. Consider using openclaw SDK/API if available instead of CLI subprocess execution.
token-watchdog.mjs:44
High
Agent Control Function Not Declared
The pauseAgent() function can send messages to control the OpenClaw agent. This capability to control agent behavior is not mentioned in documentation.
execSync(`openclaw agent -m ${shellEscape('...')} --timeout 30`, { encoding: 'utf8', timeout: 35_000 })
→ Clearly document that this tool can pause/resume the agent and what commands it sends.
token-watchdog.mjs:56
Medium
Remote Script Download Without Integrity Check
SKILL.md instructs users to download the script via curl from a GitHub Pages URL without recommending signature verification or checksum validation.
curl -sL https://ddaekeu3-cyber.github.io/synapse-ai/tools/token-watchdog/token-watchdog.mjs -o ~/.openclaw/workspace/token-watchdog.mjs
→ Add instructions for verifying script integrity (e.g., provide SHA256 hash or use signed releases).
SKILL.md:29
Medium
Undeclared File Write Operations
Code writes to ~/.openclaw/workspace/memory/token-watchdog.log and token-watchdog-state.json. SKILL.md only mentions reading session files.
writeSync(fd, line); // to token-watchdog.log
→ Document log and state file persistence in SKILL.md.
token-watchdog.mjs:83
Low
Hardcoded Telegram Target ID
Telegram target '8616468733' is hardcoded in CONFIG. While this may be expected for a personal tool, it limits flexibility and may not match the user's configuration.
telegramTarget: '8616468733'
→ Allow Telegram target configuration via environment variable or CLI argument.
token-watchdog.mjs:17
Resource type     | Declared permission | Inferred permission | Status             | Evidence
File system       | READ                | READ,WRITE          | ✓ Consistent       | token-watchdog.mjs:writeFileSync to ~/.openclaw/workspace/memory/
Command execution | NONE                | WRITE               | ✗ Exceeds declared | token-watchdog.mjs:44 execSync for openclaw CLI commands
Network access    | READ                | READ                | ✓ Consistent       | Reads session files, sends via openclaw CLI
External URLs (2 findings)

Medium · External URL · https://ddaekeu3-cyber.github.io/synapse-ai/tools/token-watchdog/token-watchdog.mjs · SKILL.md:29
Medium · External URL · https://ddaekeu3-cyber.github.io/synapse-ai/ · SKILL.md:82

Directory structure

3 files · 14.6 KB · 420 lines
JavaScript 1 file · 328 lines; Markdown 1 file · 82 lines; JSON 1 file · 10 lines
├─ 📋 package.json JSON 10L · 440 B
├─ 📝 SKILL.md Markdown 82L · 2.3 KB
└─ 🔑 token-watchdog.mjs JavaScript 328L · 11.8 KB

Dependency analysis (2)

Package           | Version | Source   | Known vulnerabilities | Notes
Node.js built-ins | N/A     | builtin  |                       | Uses only child_process and fs modules
openclaw CLI      | unknown | external |                       | CLI tool invoked via execSync; security depends on openclaw tool integrity

Security highlights

✓ Core functionality (session cost monitoring) appears legitimate and useful
✓ shellEscape() function provides basic protection against command injection
✓ Uses fs sync operations instead of eval() or dynamic code execution
✓ Session file reading is byte-offset based (incremental reads) - efficient approach
✓ State persistence prevents duplicate alerts on restarts