中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:2 天前 重新扫描
20 /100
CommunityOS Telegram Bot Skill
Simple Telegram Bot management with LLM and knowledge base. Local-only, no external dependencies.
A legitimate Telegram bot management tool with minor security concerns: hardcoded auth bypass, undeclared subprocess spawning, and undocumented filesystem write operations, but no evidence of malicious behavior or credential exfiltration.
技能名称CommunityOS Telegram Bot Skill
分析耗时49.5s
引擎pi
可以安装
Review and fix the require_auth() function to enforce actual authentication. Document all filesystem and shell operations in SKILL.md. Consider pinning dependency versions.

安全发现 5 项

严重性 安全发现 位置
中危
Hardcoded authentication bypass
The require_auth() function at admin/app.py:232 always returns 'admin' without any verification. The login endpoint exists but is never enforced. This is explicitly documented ('No Built-in Auth') but creates a significant vulnerability if the admin UI is accessed by unauthorized users.
def require_auth(request: Request) -> str:
    # 跳过登录验证,直接返回默认用户
    return 'admin'
→ Remove the bypass comment and implement actual session validation, or ensure the admin UI is strictly localhost-only.
 admin/app.py:232
低危
Undeclared subprocess execution
The SKILL.md does not mention that the skill can spawn background processes via subprocess.Popen to run the Telegram polling service.
process = subprocess.Popen([sys.executable, str(BASE_DIR / 'admin' / 'telegram_runner.py')])
→ Document subprocess spawning capability in SKILL.md under Features or Architecture.
 admin/app.py:1128
低危
Undocumented filesystem WRITE operations
SKILL.md declares filesystem access implicitly through file upload features but does not explicitly document the full scope: file uploads, JSON persistence, ChromaDB writes, and directory deletion via shutil.rmtree.
filepath.write_bytes(content)  # file upload
→ Add explicit filesystem WRITE declaration in SKILL.md or move sensitive operations to a separate skill.
 admin/app.py:864
低危
Unpinned dependencies
requirements.txt does not pin versions for any packages, which could lead to supply chain issues if untrusted versions are installed.
fastapi==0.109.0
requests==2.31.0
...
→ Pin exact versions or minimum versions for all dependencies.
 requirements.txt:1
提示
Example domain URLs in default config
Default bot configs reference 'https://api.example.com/news' and 'https://feeds.example.com/web3' which are example domains, not actual exfiltration targets.
api_endpoint: 'https://api.example.com/news'
→ No action needed - these are clearly example URLs for broadcast configuration.
 admin/app.py:142
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✗ 越权 admin/app.py:132 - save_json() writes JSON files; admin/app.py:864 - file upload…
命令执行 NONE WRITE ✗ 越权 admin/app.py:1128-1133 - subprocess.Popen spawns telegram_runner.py
网络访问 READ READ ✓ 一致 httpx/requests calls to api.telegram.org
环境变量 READ READ ✓ 一致 os.environ.get() for API keys
技能调用 NONE NONE N/A
剪贴板 NONE NONE N/A
浏览器 NONE NONE N/A
数据库 NONE WRITE ✗ 越权 ChromaDB vector store writes to chroma_db/ directory
5 项发现
🔗
中危 外部 URL 外部 URL
https://api.example.com/news
admin/app.py:142
🔗
中危 外部 URL 外部 URL
https://feeds.example.com/web3
admin/app.py:164
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot
admin/app.py:463
🔗
中危 外部 URL 外部 URL
https://your-domain/api/telegram/webhook/
admin/app.py:1208
🔗
中危 外部 URL 外部 URL
https://api.example.com/v1
admin/lite.html:167

目录结构

12 文件 · 106.3 KB · 2632 行
Python 6f · 1822L HTML 1f · 529L JSON 2f · 144L Markdown 2f · 130L Text 1f · 7L
├─ 📁 admin
│ ├─ 🐍 app.py Python 1320L · 59.7 KB
│ ├─ 📄 lite.html HTML 529L · 21.0 KB
│ └─ 🐍 telegram_runner.py Python 159L · 5.6 KB
├─ 📁 bot_engine
│ ├─ 🐍 __init__.py Python 1L · 25 B
│ ├─ 🐍 bot_instance.py Python 117L · 3.9 KB
│ ├─ 🐍 config_parser.py Python 63L · 2.3 KB
│ └─ 🐍 manager.py Python 162L · 6.3 KB
├─ 📁 config
│ └─ 📋 openclaw.json JSON 131L · 3.7 KB
├─ 📋 _meta.json JSON 13L · 425 B
├─ 📝 README.md Markdown 69L · 1.6 KB
├─ 📄 requirements.txt Text 7L · 129 B
└─ 📝 SKILL.md Markdown 61L · 1.7 KB

依赖分析 5 项

包名版本来源已知漏洞备注
fastapi 0.109.0 pip Version pinned
uvicorn 0.27.0 pip Version pinned
requests 2.31.0 pip Version pinned
chromadb 0.4.22 pip Version pinned
pyyaml 6.0.1 pip Version pinned

安全亮点

✓ No credential exfiltration - API keys are only used locally for LLM/Telegram API calls
✓ No base64-encoded commands or obfuscated shell execution
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ No reverse shell, C2 communications, or data theft behavior
✓ Local-only operation documented (127.0.0.1 binding)
✓ External URLs use example.com domains, not real exfiltration endpoints
✓ File operations are standard web application patterns (upload/download/delete)