agency-hq 安全扫描报告 — 低风险 | ClawSafe

20 /100

agency-hq

A pixel art office visualization for AI agent teams. Shows real-time agent status, activity feeds, and personality-driven banter. Works with OpenClaw in live mode or standalone in demo mode.

A pixel-art visualization dashboard that reads OpenClaw session files and system stats; all core behavior is documented though a few minor filesystem paths accessed are not explicitly declared.

技能名称agency-hq

分析耗时48.3s

引擎pi

✓

可以安装

No blocking action needed. Consider documenting the undeclared ~/.openclaw/cron/runs/ path access in SKILL.md for full transparency.

安全发现 2 项

严重性	安全发现	位置
低危	Undeclared cron/runs directory access 文档欺骗 activity/route.ts reads files from ~/.openclaw/cron/runs/.jsonl to display cron job activities. This is a filesystem:READ operation on a path not mentioned in SKILL.md. `const cronRunsDir = path.join(openclawHome, 'cron', 'runs');` → Add 'cron/runs/.jsonl' to the documented filesystem access scope in SKILL.md under 'How Live Mode Works'.	`src/app/api/agents/activity/route.ts:52`
低危	Undeclared ps aux process listing 文档欺骗 status/route.ts uses `ps aux \| grep` to determine if an agent is running. SKILL.md lists uptime/free/df as the system commands used but does not mention ps. const result = execSync(`ps aux \| grep -i "agent.*${agentId}" \| grep -v grep \| head -1`, { encoding: 'utf-8', timeout: 3000 }); → Update SKILL.md to list 'ps aux' as an additional system command used for agent process detection.	`src/app/api/agents/status/route.ts:62`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md declares scanning ~/.openclaw/agents/{id}/sessions/*.jsonl; activity/ro…
命令执行	`READ`	`READ`	✓ 一致	stats/route.ts:9-36 uses execSync for uptime, /proc/loadavg, free -m, df — all l…
环境变量	`NONE`	`READ`	✓ 一致	HOME and ARENA_MODE env vars are read; no sensitive key iteration
网络访问	`NONE`	`NONE`	—	No outbound network requests found; only internal localhost responses
剪贴板	`NONE`	`NONE`	—	Not accessed
浏览器	`NONE`	`NONE`	—	UI component only, no browser automation
数据库	`NONE`	`NONE`	—	SKILL.md explicitly states 'No database'
技能调用	`NONE`	`NONE`	—	No skill self-invocation or subprocess spawning of other skills

3 项发现

🔗

中危外部 URL 外部 URL

https://vercel.com/button

README.md:123

🔗

中危外部 URL 外部 URL

https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fenjinstudio%2Fagency-hq

README.md:123

🔗

中危外部 URL 外部 URL

https://enjinstudio.com

README.md:198

目录结构

25 文件 · 155.6 KB · 4415 行

TypeScript 12f · 3877L Markdown 2f · 295L JavaScript 3f · 113L CSS 1f · 68L JSON 2f · 62L

├─ ▾ 📁 public

│ ├─ 📦 file.svg 391 B

│ ├─ 📦 globe.svg 1.0 KB

│ ├─ 📦 next.svg 1.3 KB

│ ├─ 📦 vercel.svg 128 B

│ └─ 📦 window.svg 385 B

├─ ▾ 📁 scripts

│ └─ 📜 generate-og-image.js JavaScript 88L · 2.3 KB

├─ ▾ 📁 src

│ ├─ ▾ 📁 app

│ │ ├─ ▾ 📁 api

│ │ │ └─ ▾ 📁 agents

│ │ │ ├─ ▾ 📁 activity

│ │ │ │ └─ 📜 route.ts TypeScript 162L · 6.4 KB

│ │ │ ├─ ▾ 📁 mode

│ │ │ │ └─ 📜 route.ts TypeScript 6L · 193 B

│ │ │ ├─ ▾ 📁 stats

│ │ │ │ └─ 📜 route.ts TypeScript 97L · 2.7 KB

│ │ │ └─ ▾ 📁 status

│ │ │ └─ 📜 route.ts TypeScript 158L · 4.8 KB

│ │ ├─ 📄 globals.css CSS 68L · 1.1 KB

│ │ ├─ 📜 layout.tsx TypeScript 33L · 983 B

│ │ └─ 📜 page.tsx TypeScript 270L · 10.8 KB

│ ├─ ▾ 📁 components

│ │ ├─ 📜 ActivityPanel.tsx TypeScript 422L · 17.9 KB

│ │ └─ 📜 PixelOffice.tsx TypeScript 2241L · 75.8 KB

│ └─ ▾ 📁 lib

│ ├─ 📜 agent-chat.ts TypeScript 279L · 8.3 KB

│ ├─ 📜 agents.ts TypeScript 77L · 3.3 KB

│ └─ 📜 demo-data.ts TypeScript 125L · 6.5 KB

├─ 📜 eslint.config.mjs JavaScript 18L · 465 B

├─ 📜 next.config.ts TypeScript 7L · 133 B

├─ 📋 package.json JSON 28L · 582 B

├─ 📜 postcss.config.mjs JavaScript 7L · 94 B

├─ 📝 README.md Markdown 198L · 6.6 KB

├─ 📝 SKILL.md Markdown 97L · 3.1 KB

└─ 📋 tsconfig.json JSON 34L · 670 B

依赖分析 4 项

包名	版本	来源	已知漏洞	备注
`next`	`16.1.6`	npm	否	Pinned major version
`pixi.js`	`^8.17.0`	npm	否	Major version pinned
`react`	`19.2.3`	npm	否	Exact version
`canvas`	`^3.2.1`	npm (dev)	否	Used only in build script generate-og-image.js

安全亮点

✓ No credential harvesting — skill never reads SSH keys, AWS credentials, .env, or similar sensitive paths

✓ No data exfiltration — no outbound HTTP requests to external IPs

✓ No obfuscation — no base64, atob(), or encoded payload patterns

✓ No supply chain threats — all npm dependencies are standard with pinned major versions

✓ Shell commands are limited to read-only monitoring tools (uptime, free, df, ps, cat /proc/loadavg)

✓ Filesystem access is scoped to the user's own OpenClaw session data, not arbitrary system files

✓ Demo mode provides a zero-access fallback that works without touching any local resources

✓ SKILL.md correctly states 'No database. No external APIs.' — confirmed by code review

✓ Process listing via ps aux is used only to check local agent status, not for any credential or data gathering