research-archive-query Security Report — Suspicious | ClawSafe

45 /100

research-archive-query

统一查询本地研究资料库，默认同时搜索 AlphaPai 归档和 knowledge_bases，支持精确检索、向量检索和混合检索

Skill is a legitimate research archive query tool but has a significant doc-to-code mismatch: SKILL.md does not declare that it uses shell:WRITE via subprocess to invoke external scripts, and it depends on unsandboxed external scripts outside its own codebase.

Skill Nameresearch-archive-query

Duration44.6s

Enginepi

⚠

Use with caution

Document the subprocess-based shell execution. Pin versions for any third-party imports. Add integrity verification for external script paths before execution.

Findings 4 items

Severity	Finding	Location
Medium	Undeclared subprocess/shell execution Doc Mismatch SKILL.md does not declare shell:WRITE capability. The skill uses subprocess.run() in unified_query.py (line 76), registry.py (via adapter commands), and publish_skill.py (line 58) to execute external CLI tools. This is a doc-to-code mismatch. `result = subprocess.run(command, capture_output=True, text=True)` → Update SKILL.md to explicitly declare shell:WRITE for subprocess execution of archive query scripts.	`scripts/unified_query.py:76`
Medium	Dynamic import from external workspace scripts Supply Chain The skill imports run_ai_analysis and load_settings from alphapai-scraper scripts via dynamic path calculation (WORKSPACE_ROOT / 'skills/alphapai-scraper/scripts'). These external scripts are not bundled or verified. `sys.path.insert(0, str(ALPHAPAI_SCRIPT_DIR)); from analyze import run_ai_analysis` → Either bundle required functions or verify script integrity before importing. Document the external dependency on alphapai-scraper.	`scripts/unified_query.py:29`
Medium	Hardcoded external script paths with no integrity verification Doc Mismatch registry.py hardcodes paths to ALPHAPAI_QUERY_SCRIPT and KB_ENGINE_SCRIPT pointing to scripts outside the skill's control. No checks verify these scripts haven't been tampered with. `ALPHAPAI_QUERY_SCRIPT = WORKSPACE_ROOT / 'skills/alphapai-scraper/scripts/query_comments.py'` → Add path existence checks or hash verification before executing external scripts.	`scripts/registry.py:14`
Low	No dependency pinning Supply Chain No requirements.txt, package.json, or Cargo.toml found. Python stdlib is used directly but third-party libraries like json, subprocess, pathlib are all built-in. `No dependency file` → Create a requirements.txt or pyproject.toml to pin any third-party dependencies.	`scripts/unified_query.py:1`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✗ Violation	scripts/unified_query.py:29 - subprocess.run()
Shell	`NONE`	`WRITE`	✗ Violation	scripts/registry.py:47 - subprocess via build_exact_command()
Shell	`NONE`	`WRITE`	✗ Violation	scripts/publish_skill.py:58 - subprocess.run(clawhub)
Filesystem	`WRITE`	`WRITE`	✓ Aligned	scripts/unified_query.py:59 - Path.write_text() for reports

File Tree

7 files · 27.8 KB · 849 lines

Python 5f · 754L Markdown 1f · 88L YAML 1f · 7L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 7L · 356 B

├─ ▾ 📁 scripts

│ ├─ 🐍 adapter_template.py Python 95L · 2.9 KB

│ ├─ 🐍 package_skill.py Python 51L · 1.1 KB

│ ├─ 🐍 publish_skill.py Python 105L · 2.6 KB

│ ├─ 🐍 registry.py Python 135L · 3.6 KB

│ └─ 🐍 unified_query.py Python 368L · 14.7 KB

└─ 📝 SKILL.md Markdown 88L · 2.5 KB

Security Positives

✓ No credential harvesting or sensitive path access observed

✓ No base64 encoding, eval(), or obfuscation detected

✓ No curl|bash or wget|sh remote script execution

✓ No direct IP network requests or C2 communication

✓ No hidden instructions in HTML comments or documentation

✓ File writes are limited to a controlled output directory in ~/.openclaw/data/

✓ subprocess is used for legitimate CLI tool invocation (alphapai-scraper, kb_engine, clawhub)

Scan Report

Findings 4 items

File Tree

Security Positives