Security Decision Report

Bounty Hunter Agent

SKILL.md exposes multiple hardcoded credentials (DeepSeek API key, Soul marketplace key) in plaintext documentation, creating severe credential theft risk if this file is shared or accessed by unauthorized parties.

Install decision: priority · Source: manual upload · Scan time: 2026/4/4
Files 1
IOCs 3
Privilege overreach items 1
Findings 4
Most direct threat evidence
Critical · Credential theft
Hardcoded DeepSeek API Key in Documentation

A valid DeepSeek API key (sk-5aa202974f284ecc9a82c95d9c7ca23e) is hardcoded in plaintext within SKILL.md. If this file is shared, published to ClawHub, or exposed in any way, the API key can be harvested and abused by threat actors.

SKILL.md:75

Why this conclusion was reached

3/4 dimensions triggered
Block
Declared vs actual capabilities

Found 1 capability or privileged action beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 4-step attack chain, plus 2 high or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information; the supply-chain judgment should remain tentative.

Attack chain

01
Attacker obtains SKILL.md through ClawHub publication, repo leak, or shared documentation

reconnaissance · SKILL.md:1

02
Attacker extracts hardcoded DeepSeek API key from SKILL.md line 75

Internal probing · SKILL.md:75

03
Attacker extracts Soul marketplace key from SKILL.md line 26

Internal probing · SKILL.md:26

04
Attacker abuses stolen API credentials for their own AI services or resells them

Final impact · N/A

How the risk score was raised

Hardcoded API key exposure +30

DeepSeek API key 'sk-5aa202974f284ecc9a82c95d9c7ca23e' exposed in SKILL.md line 75

Additional credential exposure +20

Soul marketplace key exposed in plaintext at line 26

No tool declarations present +5

Skill file lacks declared allowed-tools, cannot map to capability model

Documentation as attack surface +10

SKILL.md serves as agent instruction, credentials embedded in prompts could be extracted by malicious prompts

Key evidence

Critical · Credential theft

Hardcoded DeepSeek API Key in Documentation

A valid DeepSeek API key (sk-5aa202974f284ecc9a82c95d9c7ca23e) is hardcoded in plaintext within SKILL.md. If this file is shared, published to ClawHub, or exposed in any way, the API key can be harvested and abused by threat actors.

SKILL.md:75
Remove the API key immediately. Use environment variable reference: ${DEEPSEEK_API_KEY} or document that users must set their own API key.
Critical · Credential theft

Hardcoded Soul Marketplace Key in Documentation

Soul marketplace authentication key is hardcoded in plaintext within SKILL.md, exposing the agent's marketplace credentials.

SKILL.md:26
Remove the Soul key from documentation. Use placeholder or document that this must be configured by the user.
Medium · Documentation deception

No Declared Allowed-Tools Section

SKILL.md lacks an allowed-tools declaration, making it impossible to audit what resources this skill actually requires. This violates the expectation that SKILL.md should declare all permissions.

SKILL.md:1
Add an allowed-tools section documenting the minimal permissions required (e.g., shell:NONE, filesystem:READ for logs directory).
Medium · Sensitive access

References to Sensitive File Paths

SKILL.md references ~/.openclaw/workspace paths that may contain sensitive data (wallet backups, logs). While not directly accessing these, documenting them increases the attack surface.

SKILL.md:104
Avoid documenting exact paths to sensitive files. Use generic references instead.

Declared vs actual capabilities

Filesystem: Pass
Declared NONE
Inferred NONE
No file operations in this documentation-only skill
Network access: Pass
Declared NONE
Inferred NONE
No network calls defined; credentials are static references
Command execution: Pass
Declared NONE
Inferred NONE
No shell commands in documentation
Environment variables: Block
Declared NONE
Inferred READ
References to env vars implied by configuration but not formally declared

Suspicious artifacts and outbound connections

Critical · API key
sk-5aa202974f284ecc9a82c95d9c7ca23e

SKILL.md:75

Medium · External URL
https://soul.mds.markets/gellycat-adam-ai

SKILL.md:17

Medium · Wallet address
0x9d90d0e0b951fe9a7bbdfc274259cd8110349fc0

SKILL.md:30

Dependencies and supply chain

No structured dependency alerts.

File composition

1 file · 178 lines
Markdown: 1 file · 178 lines
Files needing attention · 1
SKILL.md Markdown · 178 lines
Hardcoded DeepSeek API Key in Documentation · Hardcoded Soul Marketplace Key in Documentation · No Declared Allowed-Tools Section · References to Sensitive File Paths · sk-5aa202974f284ecc9a82c95d9c7ca23e · https://soul.mds.markets/gellycat-adam-ai · 0x9d90d0e0b951fe9a7bbdfc274259cd8110349fc0

Security highlights

No executable code present: purely documentation
No shell commands or subprocess calls
No network requests or data exfiltration patterns
No obfuscation techniques observed
No supply chain dependencies to audit