Bounty Hunter Agent 安全扫描报告 — 高风险 | ClawSafe

65 /100

Bounty Hunter Agent

AI Agent for DR. Wang Guopeng's side business automation - includes Soul.Markets AI services, ClawHub skill publishing, Jarvis-Invest trading system, and Personal CFO financial management

SKILL.md exposes multiple hardcoded credentials (DeepSeek API key, Soul marketplace key) in plaintext documentation, creating severe credential theft risk if this file is shared or accessed by unauthorized parties.

技能名称Bounty Hunter Agent

分析耗时31.1s

引擎pi

⛔

不要安装此技能

Remove all hardcoded credentials from SKILL.md. Store API keys in environment variables or a secure secrets manager. Use placeholder references like $DEEPSEEK_API_KEY instead of actual values. Never include live credentials in documentation that may be shared or published.

攻击链 4 步

⬡

提权 Attacker obtains SKILL.md through ClawHub publication, repo leak, or shared documentation

SKILL.md:1

⬡

提权 Attacker extracts hardcoded DeepSeek API key from SKILL.md line 75

SKILL.md:75

⬡

提权 Attacker extracts Soul marketplace key from SKILL.md line 26

SKILL.md:26

◉

影响 Attacker abuses stolen API credentials for their own AI services or resells them

N/A

安全发现 4 项

严重性	安全发现	位置
严重	Hardcoded DeepSeek API Key in Documentation 凭证窃取 A valid DeepSeek API key (sk-5aa202974f284ecc9a82c95d9c7ca23e) is hardcoded in plaintext within SKILL.md. If this file is shared, published to ClawHub, or exposed in any way, the API key can be harvested and abused by threat actors. DeepSeek API Key: `sk-5aa202974f284ecc9a82c95d9c7ca23e` → Remove the API key immediately. Use environment variable reference: ${DEEPSEEK_API_KEY} or document that users must set their own API key.	`SKILL.md:75`
严重	Hardcoded Soul Marketplace Key in Documentation 凭证窃取 Soul marketplace authentication key is hardcoded in plaintext within SKILL.md, exposing the agent's marketplace credentials. Soul Key: `soul_5ada62059ba0f801018634ad14aac894054116a189f1659c33e68544a12912aa` → Remove the Soul key from documentation. Use placeholder or document that this must be configured by the user.	`SKILL.md:26`
中危	No Declared Allowed-Tools Section 文档欺骗 SKILL.md lacks an allowed-tools declaration, making it impossible to audit what resources this skill actually requires. This violates the expectation that SKILL.md should declare all permissions. `No allowed-tools declaration found` → Add an allowed-tools section documenting the minimal permissions required (e.g., shell:NONE, filesystem:READ for logs directory).	`SKILL.md:1`
中危	References to Sensitive File Paths 敏感访问 SKILL.md references ~/.openclaw/workspace paths that may contain sensitive data (wallet backups, logs). While not directly accessing these, documenting them increases the attack surface. 钱包备份: `~/.openclaw/workspace/bounty-hunter/wallet/gellycat-wallet.json` → Avoid documenting exact paths to sensitive files. Use generic references instead.	`SKILL.md:104`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations in this documentation-only skill
网络访问	`NONE`	`NONE`	—	No network calls defined; credentials are static references
命令执行	`NONE`	`NONE`	—	No shell commands in documentation
环境变量	`NONE`	`READ`	✗ 越权	References to env vars implied by configuration but not formally declared

1 严重 3 项发现

🔑

严重 API 密钥硬编码 API 密钥

sk-5aa202974f284ecc9a82c95d9c7ca23e

SKILL.md:75

🔗

中危外部 URL 外部 URL

https://soul.mds.markets/gellycat-adam-ai

SKILL.md:17

💰

中危钱包地址加密货币钱包地址

0x9d90d0e0b951fe9a7bbdfc274259cd8110349fc0

SKILL.md:30

目录结构

1 文件 · 4.3 KB · 178 行

Markdown 1f · 178L

└─ 📝 SKILL.md Markdown 178L · 4.3 KB

安全亮点

✓ No executable code present - purely documentation

✓ No shell commands or subprocess calls

✓ No network requests or data exfiltration patterns

✓ No obfuscation techniques observed

✓ No supply chain dependencies to audit