Suspicious: risk score 55/100
Last scan: 1 day ago
search
Multi-engine web search (SearXNG default, Tavily, Multi-engine)
Skill contains hardcoded API credentials and makes undisclosed external network requests to Tavily's API, with doc-to-code mismatch on credential handling.
Skill name: search
Analysis time: 40.9s
Engine: pi
Verdict: use with caution
Remove the hardcoded API key from the source and rotate it, since it has already been published. Read TAVILY_API_KEY from the environment only and require users to supply their own key. Document every network egress point.

Security findings (5)

Severity | Finding | Location
High
Hardcoded API Credential in Source Code (credential theft)
A Tavily API key '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' is hardcoded in plugin.ts and providers/tavily.ts as the fallback used whenever TAVILY_API_KEY is unset. This is a developer/testing key exposed in plaintext: anyone with the source can harvest and abuse it, and every installation that does not set its own key silently shares it, so all of their traffic is billed to and attributable to one account that can be exhausted or revoked at any time.
const apiKey = process.env.TAVILY_API_KEY || "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";
→ Remove the hardcoded credential and rotate the exposed key. Require users to provide their own TAVILY_API_KEY via environment configuration and fail closed when it is missing. Never commit API keys to source code.
plugin.ts:75
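The fix the recommendation describes, as an added example in the skill's own language (this is not code from the "search" skill or from Tavily): a fail-closed key loader that replaces the "env var || literal" fallback quoted above, plus a line-level scan for the two patterns that put the key in the source. The key shape the regex looks for is an assumption taken from the evidence line, not Tavily's documented format, and the sample source is constructed with a placeholder key.

```typescript
// Added example for this report (not code from the "search" skill or from Tavily).
//
// Vulnerable shape from the report, shown for comparison (never do this):
//   const apiKey = process.env.TAVILY_API_KEY || "tvly-dev-...";
// When TAVILY_API_KEY is unset, every installation silently uses the shared dev key.

// Hardened loader: the key comes from the environment or the call fails.
// `env` is passed in (call with process.env in production) so it can be tested offline.
export function getTavilyApiKey(env: Record<string, string | undefined>): string {
  const key = env.TAVILY_API_KEY?.trim();
  if (!key) {
    throw new Error("TAVILY_API_KEY is not set; refusing to fall back to a built-in key");
  }
  return key;
}

export interface SecretFinding {
  line: number; // 1-based line in the scanned file
  kind: "tavily-key-literal" | "env-fallback-literal";
  snippet: string;
}

// Heuristic key shape assumed from the report's evidence ("tvly-" prefix followed by a
// long token); it is not Tavily's documented key format.
const TAVILY_KEY_LITERAL = /tvly-[A-Za-z0-9_-]{16,}/;
// process.env.<...KEY|TOKEN|SECRET|PASSWORD...> || "literal"  (also ??): a default value
// for a secret-looking variable is almost always a leaked credential.
const ENV_FALLBACK_LITERAL =
  /process\.env\.[A-Z0-9_]*(KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*\s*(\|\||\?\?)\s*["'`][^"'`]+["'`]/;

// Scan source text line by line and report hardcoded-credential patterns.
export function findHardcodedSecrets(source: string): SecretFinding[] {
  const findings: SecretFinding[] = [];
  source.split(/\r?\n/).forEach((text, index) => {
    if (TAVILY_KEY_LITERAL.test(text)) {
      findings.push({ line: index + 1, kind: "tavily-key-literal", snippet: text.trim() });
    } else if (ENV_FALLBACK_LITERAL.test(text)) {
      findings.push({ line: index + 1, kind: "env-fallback-literal", snippet: text.trim() });
    }
  });
  return findings;
}

// Constructed sample source (placeholder key, not the key disclosed in the report).
export const SAMPLE_SOURCE = [
  'const endpoint = "https://api.tavily.com/search";',
  'const apiKey = process.env.TAVILY_API_KEY || "tvly-dev-EXAMPLEKEY0000000000000000";',
  'const label = process.env.SEARCH_LABEL || "default";', // harmless default, not flagged
  'const token = process.env.OTHER_TOKEN ?? "abc123";',
].join("\n");

// One line per finding, e.g. "line 2 tavily-key-literal".
export function scanReport(source: string = SAMPLE_SOURCE): string[] {
  return findHardcodedSecrets(source).map((f) => `line ${f.line} ${f.kind}`);
}
```

Run the scan as a pre-commit or CI step over every .ts file; the loader is the only place the key should ever be read, and a missing variable must abort the provider rather than degrade to someone else's quota.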
High
Undisclosed External API Calls (data exfiltration)
User search queries are sent to api.tavily.com without clear disclosure in SKILL.md. Users' search terms are therefore visible to, and may be retained by, a third-party service they did not knowingly opt into; with the shared fallback key described above, queries from every installation are also attributed to a single account.
const response = await fetch('https://api.tavily.com/search', {...})
→ Document all external API endpoints and the data sent to each. Obtain explicit user consent before transmitting queries to third-party services.
providers/tavily.ts:20
Medium
Hardcoded Key Misrepresented as Feature (documentation deception)
SKILL.md advertises the Tavily provider as 'Free (dev)' without disclosing that this "free" tier is a hardcoded developer API key shared by every installation rather than a credential the user supplies.
tavily | ⚡ Fast | ⭐⭐⭐⭐⭐ | Free (dev) | AI-optimized, includes snippets
→ Document the credential requirement clearly and explain how API keys should be configured.
SKILL.md:1
Low
Hardcoded Windows Path Exposes Environment (supply chain)
plugin.ts references the absolute Windows path 'D:\winopenclaw\workspace\skills\_legacy\tavily\search_tavily_news.py'. This reveals the developer's machine layout, and because the literal sits inside the api.exec() call at plugin.ts:84-86, the script can only be found on that machine; on any other host the call fails.
"D:\\winopenclaw\\workspace\\skills\\_legacy\\tavily\\search_tavily_news.py"
→ Use relative or configuration-driven paths. Avoid exposing internal development environment structure.
plugin.ts:85
Low
Undeclared Shell Execution Capability (privilege escalation)
The code runs a Python script through api.exec(), which requires a shell:WRITE capability that SKILL.md does not declare. Undeclared command execution means a user who approves the skill on the basis of its documentation grants more than they believe they are granting.
const result = await api.exec({ command: "python", args: [...] })
→ Declare shell execution as a required capability if it is intentional, or refactor to a safer alternative (for example, calling the API over fetch as providers/tavily.ts already does).
plugin.ts:84
Resource | Declared | Inferred | Status | Evidence
Network access | READ | WRITE | ✗ Mismatch (declared READ, code sends data) | plugin.ts:75, providers/tavily.ts:15 send data to api.tavily.com
Command execution | NONE | WRITE | ✗ Mismatch (not declared) | plugin.ts:84-86 uses api.exec() for Python script execution
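The comparison the table above performs, as an added example (not the scanner's or the skill's code): infer capability levels from source patterns, keep the highest level seen per resource with file:line evidence, and mark a resource as a mismatch whenever the declared level does not cover the inferred one. The declared map (resource to level) is an assumed shape for illustration, since the real skill.yaml / SKILL.md capability schema is not shown on this page; the sample files are constructed to mirror the report's evidence lines.

```typescript
// Added example for this report (not the scanner's or the skill's code).
export type Level = "NONE" | "READ" | "WRITE";
export type Resource = "network" | "exec" | "filesystem";

const RANK: Record<Level, number> = { NONE: 0, READ: 1, WRITE: 2 };

interface Rule { resource: Resource; level: Level; pattern: RegExp }

// Heuristic rules. fetch() counts as network WRITE because request bodies (the user's
// query) leave the host; api.exec() is exec WRITE regardless of the command.
const RULES: Rule[] = [
  { resource: "network", level: "WRITE", pattern: /\bfetch\s*\(/ },
  { resource: "exec", level: "WRITE", pattern: /\bapi\.exec\s*\(/ },
  { resource: "filesystem", level: "READ", pattern: /\breadFile(Sync)?\s*\(/ },
  { resource: "filesystem", level: "WRITE", pattern: /\b(writeFile|appendFile)(Sync)?\s*\(/ },
];

export interface Inferred { resource: Resource; level: Level; evidence: string[] }

// Walk every file line by line; keep the highest level seen per resource plus evidence.
export function inferCapabilities(files: Record<string, string>): Inferred[] {
  const seen = new Map<Resource, Inferred>();
  for (const name of Object.keys(files)) {
    files[name].split(/\r?\n/).forEach((text, index) => {
      for (const rule of RULES) {
        if (!rule.pattern.test(text)) continue;
        const where = `${name}:${index + 1}`;
        const current = seen.get(rule.resource);
        if (!current) {
          seen.set(rule.resource, { resource: rule.resource, level: rule.level, evidence: [where] });
        } else {
          if (RANK[rule.level] > RANK[current.level]) current.level = rule.level;
          current.evidence.push(where);
        }
      }
    });
  }
  return Array.from(seen.values());
}

export interface Comparison {
  resource: Resource;
  declared: Level;
  inferred: Level;
  status: "consistent" | "mismatch";
  evidence: string[];
}

// A resource is consistent only when the declared level covers the inferred one.
export function compareCapabilities(
  declared: Partial<Record<Resource, Level>>,
  inferred: Inferred[],
): Comparison[] {
  return inferred.map((inf) => {
    const decl: Level = declared[inf.resource] ?? "NONE";
    return {
      resource: inf.resource,
      declared: decl,
      inferred: inf.level,
      status: RANK[inf.level] > RANK[decl] ? "mismatch" : "consistent",
      evidence: inf.evidence,
    };
  });
}

// Constructed sample mirroring the report's evidence lines (not the real files).
export const SAMPLE_FILES: Record<string, string> = {
  "plugin.ts": [
    "const base = process.env.SEARXNG_URL;",
    'const result = await api.exec({ command: "python", args: [scriptPath] });',
  ].join("\n"),
  "providers/tavily.ts":
    'const response = await fetch("https://api.tavily.com/search", { method: "POST" });',
};
// Declared levels as the report's table shows them (assumed schema).
export const SAMPLE_DECLARED: Partial<Record<Resource, Level>> = { network: "READ", exec: "NONE" };

export function auditSample(): Comparison[] {
  return compareCapabilities(SAMPLE_DECLARED, inferCapabilities(SAMPLE_FILES));
}
```

With the report's declared levels both resources come back as mismatches; raising the declarations to WRITE (or removing the exec path) is what turns them consistent, which is the state the original "✓" would have required.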
External URLs (5)

Medium | External URL | http://127.0.0.1:8080 | plugin.ts:74 (loopback address, presumably the local SearXNG default described above; not external)
Medium | External URL | https://www.baidu.com/s?wd=$ | plugin.ts:147
Medium | External URL | https://cn.bing.com/search?q=$ | plugin.ts:148
Medium | External URL | https://www.google.com/search?q=$ | plugin.ts:149
Medium | External URL | https://api.tavily.com/search | providers/tavily.ts:12
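An egress check covering both the Undisclosed External API Calls finding and the URL list above, as an added example (not the skill's code): parse each outbound URL the scanner listed, separate loopback from external hosts, and flag any external host that the skill's documentation does not declare. The declared-host lists are assumptions for illustration; this page only says that SKILL.md does not clearly disclose api.tavily.com, so the "before" list is empty and the "after" list shows the state once the recommendation is applied.

```typescript
// Added example for this report (not the skill's code).
export type EgressClass = "loopback" | "external-declared" | "external-undeclared";

export interface EgressVerdict {
  url: string;
  host: string;
  cls: EgressClass;
  note?: string;
}

const LOOPBACK_HOSTS = new Set(["127.0.0.1", "localhost", "::1", "[::1]"]);

// Classify each URL against the hosts the skill documents as egress points.
export function classifyEgress(urls: string[], declaredHosts: string[]): EgressVerdict[] {
  const declared = new Set(declaredHosts.map((h) => h.toLowerCase()));
  return urls.map((raw) => {
    // URL templates such as "...?q=$" parse fine; the placeholder is just query text.
    // An unparsable entry throws on purpose: an egress you cannot parse must not be waved through.
    const parsed = new URL(raw);
    const host = parsed.hostname.toLowerCase();
    let cls: EgressClass;
    if (LOOPBACK_HOSTS.has(host)) cls = "loopback";
    else if (declared.has(host)) cls = "external-declared";
    else cls = "external-undeclared";
    const verdict: EgressVerdict = { url: raw, host, cls };
    if (parsed.protocol === "http:" && cls !== "loopback") {
      verdict.note = "plaintext HTTP to a non-loopback host";
    }
    return verdict;
  });
}

export function countByClass(verdicts: EgressVerdict[]): Record<EgressClass, number> {
  const counts: Record<EgressClass, number> = {
    loopback: 0,
    "external-declared": 0,
    "external-undeclared": 0,
  };
  for (const v of verdicts) counts[v.cls] += 1;
  return counts;
}

// The five URLs from the scanner's list above.
export const SCANNED_URLS = [
  "http://127.0.0.1:8080",
  "https://www.baidu.com/s?wd=$",
  "https://cn.bing.com/search?q=$",
  "https://www.google.com/search?q=$",
  "https://api.tavily.com/search",
];

// Before: SKILL.md discloses no endpoint. After: the Tavily endpoint is documented (assumed fix).
export const DECLARED_BEFORE: string[] = [];
export const DECLARED_AFTER: string[] = ["api.tavily.com"];
```

Any "external-undeclared" result is a documentation gap or an unexpected data flow, and each should be resolved either by declaring the endpoint in SKILL.md (with what is sent to it) or by removing the call.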

Directory structure

8 files · 14.8 KB · 465 lines
TypeScript 5 files · 389 lines; YAML 1 file · 46 lines; Markdown 1 file · 25 lines; JSON 1 file · 5 lines
├─ 📁 providers
│ ├─ 📜 multi.ts TypeScript 39L · 1.3 KB
│ ├─ 📜 searxng.ts TypeScript 38L · 1.1 KB
│ └─ 📜 tavily.ts TypeScript 46L · 1.3 KB
├─ 📋 _meta.json JSON 5L · 125 B
├─ 📜 cache.ts TypeScript 65L · 1.4 KB
├─ 📜 plugin.ts TypeScript 201L · 7.2 KB
├─ 📝 SKILL.md Markdown 25L · 983 B
└─ 📋 skill.yaml YAML 46L · 1.5 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
fetch | built-in | Node.js | none listed | Native fetch used for HTTP requests
crypto | built-in | Node.js | none listed | Used for MD5 cache key hashing (acceptable for cache keys; MD5 must not be relied on for integrity or authentication)

Security highlights

✓ Rate limiting implemented (20 calls/min) to limit abuse
✓ In-memory caching reduces redundant API calls
✓ Local SearXNG option keeps searches on the host
✓ Graceful fallback between search engines
✓ No credential exfiltration or C2 communication detected (user queries do leave the host through the Tavily provider; see the Undisclosed External API Calls finding)