Low risk: risk score 18/100
Last scan: 1 day ago
async-queue
Schedule delayed tasks between OpenClaw agents — set reminders, chain tasks, coordinate agents on a delay. File-backed, no infra needed.
Well-documented async task queue skill with accurate security disclosures; install.sh shell usage is expected for a macOS launchd installer and fully declared in SKILL.md frontmatter.
Skill name: async-queue
Analysis time: 57.3s
Engine: pi
Verdict: OK to install
No blocking concerns. Consider pinning Node.js version in package.json for reproducibility.

Security findings (3)

Severity | Finding | Location

Low | No dependency pinning (supply chain) | package.json:1
package.json declares no npm dependencies and no Node.js version constraint beyond the engines field. The skill relies on Node.js built-in modules (fs, http, crypto, path) with no third-party packages, reducing supply chain risk.
Evidence: "engines": { "node": ">=18" }
→ Consider adding a .nvmrc or an engines field pinning an exact version for reproducibility.

Low | launchd daemon registered with elevated privileges (privilege escalation) | scripts/install.sh:57
install.sh registers a launchd service that auto-starts on login with KeepAlive. This is expected behavior for a background daemon and is explicitly disclosed in the SKILL.md security_disclosure. The scope is confined to OpenClaw's queue directory.
Evidence: launchctl load "$PLIST"
→ No action needed; behavior is disclosed and scoped to the skill's purpose.

Info | install.sh hardcodes LaunchAgents path under ~/Library (sensitive access) | scripts/install.sh:13
The plist path ~/Library/LaunchAgents/ai.openclaw.queue-daemon.plist is hardcoded. This is standard macOS practice and not a security risk, but the service name is worth noting.
Evidence: PLIST="$HOME/Library/LaunchAgents/ai.openclaw.queue-daemon.plist"
→ Informational only; no action required.
Resource | Declared permission | Inferred permission | Status | Evidence
--- | --- | --- | --- | ---
File system | WRITE | WRITE | ✓ consistent | install.sh:16-30 (mkdir/cp), daemon.js:45-51 (queue read/write)
Network access | READ | READ | ✓ consistent | daemon.js:89-108: HTTP POST only to 127.0.0.1:18789 (localhost only)
Command execution | WRITE | WRITE | ✓ consistent | install.sh:57: launchctl load/unload; SKILL.md security_disclosure explicitly d…
Skill invocation | NONE | READ | ✓ consistent | plugin/index.ts: POST /api/queue-wake endpoint registered; daemon invokes via l…
Environment variables | NONE | NONE | | No os.environ access in any script
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser access
Database | NONE | NONE | | File-backed JSON queue, not a database
External URLs (1 finding)

Medium | External URL | http://www.apple.com/DTDs/PropertyList-1.0.dtd | scripts/install.sh:47 (the standard Apple DOCTYPE reference written into the launchd plist)

Directory structure

11 files · 29.0 KB · 975 lines
JavaScript 3 files · 462 lines; Markdown 3 files · 279 lines; TypeScript 1 file · 90 lines; Shell 1 file · 84 lines; JSON 3 files · 60 lines
├─ plugin/
│ ├─ index.ts (TypeScript, 90 lines, 2.8 KB)
│ └─ openclaw.plugin.json (JSON, 14 lines, 358 B)
├─ references/
│ └─ PROTOCOL.md (Markdown, 90 lines, 2.5 KB)
├─ scripts/
│ ├─ daemon.js (JavaScript, 173 lines, 5.0 KB)
│ ├─ install.sh (Shell, 84 lines, 3.1 KB)
│ ├─ push.js (JavaScript, 107 lines, 2.7 KB)
│ └─ queue-cli.js (JavaScript, 182 lines, 4.7 KB)
├─ package.json (JSON, 21 lines, 494 B)
├─ public.json (JSON, 25 lines, 1.0 KB)
├─ README.md (Markdown, 27 lines, 753 B)
└─ SKILL.md (Markdown, 162 lines, 5.6 KB)

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
--- | --- | --- | --- | ---
none | N/A | node-builtins | | Skill uses only Node.js built-in modules (fs, http, crypto, path); no npm dependencies

Security highlights

✓ daemon.js uses only Node.js built-in modules — no third-party dependencies to audit
✓ Task delivery uses only Node's built-in http module (no execSync, no child_process)
✓ All network calls are restricted to localhost (127.0.0.1:18789) — no external network access
✓ No credential harvesting: no os.environ iteration, no ~/.ssh, no ~/.aws, no .env access
✓ No base64, eval, or obfuscated code anywhere in the codebase
✓ Target validation in daemon.js checks targets.json before accepting agent names
✓ SKILL.md includes a dedicated security_disclosure field covering all non-obvious behaviors
✓ Lock file mechanism prevents duplicate daemon instances (daemon.lock)
✓ TTL mechanism prevents stale tasks from piling up
✓ User-configurable targets.json — no hard-coded agent names
✓ Queue-wake plugin uses OpenClaw's built-in plugin auth, no custom credential handling
✓ All file operations confined to ~/.openclaw/queue/ and extensions/ — no sensitive path access