Low risk: risk score 15/100
Last scan: 18 hours ago
claude-code-openclaw
Delegate implementation, review, and official BMad agent-driven workflows to local Claude Code
This is a legitimate Claude Code orchestration skill that invokes Claude CLI via subprocess/pexpect. No malicious behavior detected—shell execution is declared in SKILL.md, no credential theft, no obfuscation, no external data exfiltration beyond standard messaging.
Skill name: claude-code-openclaw
Analysis time: 90.8s
Engine: pi
OK to install
Safe to use. Monitor usage of bypassPermissions profile when untrusted workflows are involved. Consider using 'default-safe' profile for sensitive environments.

Security findings (2)

Severity | Finding | Location

Low | bypassPermissions Default May Amplify Risk (category: Privilege escalation) | scripts/run_bmad_persona.py:300
  Description: The default permission mode in run_bmad_persona.py and run_claude_task.sh is 'bypassPermissions', which auto-approves all Claude Code operations. This is intentional for automation but could amplify impact if a malicious workflow is injected.
  Evidence: ap.add_argument('--permission-mode', default='bypassPermissions')
  Recommendation: Use 'default-safe' profile (acceptEdits mode) for untrusted workflows. Document this risk in SKILL.md.

Low | Hook Installation Modifies Claude Settings (category: Documentation deception) | scripts/install_claude_hooks.py:1
  Description: install_claude_hooks.py modifies .claude/settings.local.json to install event hooks. This is not prominently declared in SKILL.md.
  Evidence: Install compact Claude event hooks into a repo's .claude/settings.local.json
  Recommendation: Add hook installation to SKILL.md resource declarations.
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | WRITE | WRITE | ✓ Consistent | State files, checkpoints, transcripts written to .claude/orchestrator/
Command execution | WRITE | WRITE | ✓ Consistent | claude_orchestrator.py:line 389-398 spawns Claude via pexpect; run_claude_task.s…
Network access | READ | READ | ✓ Consistent | External communication only via openclaw binary for messaging (claude_dispatch_u…
Environment variables | READ | READ | ✓ Consistent | Environment passed through to Claude via build_child_env() (claude_orchestrator.…
Browser | NONE | NONE | N/A |
Skill invocation | READ | READ | ✓ Consistent | Invokes Claude Code workflows as documented in SKILL.md
17 findings

Severity | Type | URL | Location
Medium | External URL | https://code.claude.com/docs/llms.txt | references/claude-code-doc-map.md:3
Medium | External URL | https://code.claude.com/docs/en/overview.md | references/claude-code-doc-map.md:7
Medium | External URL | https://code.claude.com/docs/en/quickstart.md | references/claude-code-doc-map.md:8
Medium | External URL | https://code.claude.com/docs/en/how-claude-code-works.md | references/claude-code-doc-map.md:9
Medium | External URL | https://code.claude.com/docs/en/best-practices.md | references/claude-code-doc-map.md:10
Medium | External URL | https://code.claude.com/docs/en/cli-reference.md | references/claude-code-doc-map.md:14
Medium | External URL | https://code.claude.com/docs/en/settings.md | references/claude-code-doc-map.md:15
Medium | External URL | https://code.claude.com/docs/en/permissions.md | references/claude-code-doc-map.md:16
Medium | External URL | https://code.claude.com/docs/en/model-config.md | references/claude-code-doc-map.md:17
Medium | External URL | https://code.claude.com/docs/en/troubleshooting.md | references/claude-code-doc-map.md:18
Medium | External URL | https://code.claude.com/docs/en/skills.md | references/claude-code-doc-map.md:22
Medium | External URL | https://code.claude.com/docs/en/hooks.md | references/claude-code-doc-map.md:23
Medium | External URL | https://code.claude.com/docs/en/hooks-guide.md | references/claude-code-doc-map.md:24
Medium | External URL | https://code.claude.com/docs/en/mcp.md | references/claude-code-doc-map.md:25
Medium | External URL | https://code.claude.com/docs/en/sub-agents.md | references/claude-code-doc-map.md:26
Medium | External URL | https://code.claude.com/docs/en/plugins.md | references/claude-code-doc-map.md:27
Medium | External URL | https://code.claude.com/docs/en/plugins-reference.md | references/claude-code-doc-map.md:28

Directory structure

35 files · 185.3 KB · 5403 lines
Python 21 files · 3790 lines | Markdown 12 files · 1348 lines | Shell 1 file · 203 lines | YAML 1 file · 62 lines
├─ 📁 references
│ ├─ 📝 bmad-agent-trigger-cheatsheet.md Markdown 96L · 1.9 KB
│ ├─ 📝 bmad-method-integration.md Markdown 126L · 3.4 KB
│ ├─ 📝 bmad-minimal-operator-flow.md Markdown 56L · 1.1 KB
│ ├─ 📝 bmad-prompt-templates.md Markdown 405L · 8.2 KB
│ ├─ 📝 bmad-v6-agent-workflow-map.md Markdown 93L · 1.8 KB
│ ├─ 📝 claude-code-doc-map.md Markdown 36L · 1.4 KB
│ ├─ 📝 claude-orchestration-control-plane.md Markdown 60L · 2.2 KB
│ ├─ 📝 claude-orchestrator-ops.md Markdown 104L · 2.0 KB
│ ├─ 📋 claude-orchestrator-profiles.yaml YAML 62L · 1.4 KB
│ ├─ 🔑 low-token-feedback-flow.md Markdown 33L · 1.1 KB
│ ├─ 📝 spec-driven-workflow.md Markdown 103L · 2.2 KB
│ └─ 📝 telegram-progress-notify.md Markdown 26L · 623 B
├─ 📁 scripts
│ ├─ 📁 dev
│ │ ├─ 🐍 __init__.py Python 0 B
│ │ ├─ 🐍 claude_acceptance_check.py Python 144L · 4.3 KB
│ │ ├─ 🐍 claude_event_summary.py Python 88L · 2.8 KB
│ │ └─ 🐍 claude_v2_smoke.py Python 177L · 6.8 KB
│ ├─ 📁 ops
│ │ ├─ 🐍 __init__.py Python 0 B
│ │ ├─ 🐍 claude_latest_run_report.py Python 104L · 3.5 KB
│ │ ├─ 🐍 claude_reconcile_runs.py Python 44L · 1.5 KB
│ │ ├─ 🐍 claude_recover_run.py Python 78L · 2.2 KB
│ │ ├─ 🐍 claude_run_report.py Python 115L · 4.5 KB
│ │ └─ 🐍 claude_user_update.py Python 120L · 4.1 KB
│ ├─ 🐍 claude_artifact_probe.py Python 220L · 7.8 KB
│ ├─ 🐍 claude_checkpoint.py Python 142L · 4.3 KB
│ ├─ 🐍 claude_code_run.py Python 239L · 8.8 KB
│ ├─ 🐍 claude_dispatch_update.py Python 69L · 1.9 KB
│ ├─ 🐍 claude_hook_event_logger.py Python 132L · 4.8 KB
│ ├─ 🐍 claude_orchestrator.py Python 1063L · 50.6 KB
│ ├─ 🐍 claude_run_registry.py Python 181L · 6.1 KB
│ ├─ 🐍 claude_watchdog.py Python 205L · 7.6 KB
│ ├─ 🐍 claude_workflow_adapter.py Python 210L · 7.9 KB
│ ├─ 🐍 install_claude_hooks.py Python 105L · 3.3 KB
│ ├─ 🐍 run_bmad_persona.py Python 354L · 12.9 KB
│ └─ 🔧 run_claude_task.sh Shell 203L · 5.2 KB
└─ 📝 SKILL.md Markdown 210L · 7.1 KB

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
pexpect | * | pip | | Used for Claude Code process spawning (standard automation library)
pyyaml | * | pip | | YAML profile parsing

Security highlights

✓ No base64, eval(), or obfuscation patterns found
✓ No credential theft (no access to ~/.ssh, ~/.aws, .env)
✓ No external HTTP requests except via openclaw messaging binary
✓ No data exfiltration or C2 communication
✓ Shell execution is the declared core function (not hidden)
✓ Uses standard libraries (pexpect, yaml, json) with no supply chain risks
✓ Well-structured orchestrator with watchdog and checkpoint mechanisms
✓ Clear execution paths documented in SKILL.md