Suspicious — Risk score 45/100
Last scanned: 18 hours ago
research-archive-query
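Unified query over the local research archive; by default it searches both the AlphaPai archive and knowledge_bases, and supports exact, vector and hybrid retrieval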
Skill is a legitimate research archive query tool but has a significant doc-to-code mismatch: SKILL.md does not declare that it uses shell:WRITE via subprocess to invoke external scripts, and it depends on unsandboxed external scripts outside its own codebase.
Skill name: research-archive-query
Analysis time: 44.6s
Engine: pi
Use with caution
Document the subprocess-based shell execution. Pin versions for any third-party imports. Add integrity verification for external script paths before execution.

Security findings: 4

Severity | Finding | Location
Medium
Undeclared subprocess/shell execution · Documentation deception
SKILL.md does not declare shell:WRITE capability. The skill uses subprocess.run() in unified_query.py (line 76), registry.py (via adapter commands), and publish_skill.py (line 58) to execute external CLI tools. This is a doc-to-code mismatch.
result = subprocess.run(command, capture_output=True, text=True)
→ Update SKILL.md to explicitly declare shell:WRITE for subprocess execution of archive query scripts.
scripts/unified_query.py:76
Medium
Dynamic import from external workspace scripts · Supply chain
The skill imports run_ai_analysis and load_settings from alphapai-scraper scripts via dynamic path calculation (WORKSPACE_ROOT / 'skills/alphapai-scraper/scripts'). These external scripts are not bundled or verified.
sys.path.insert(0, str(ALPHAPAI_SCRIPT_DIR)); from analyze import run_ai_analysis
→ Either bundle required functions or verify script integrity before importing. Document the external dependency on alphapai-scraper.
scripts/unified_query.py:29
Medium
Hardcoded external script paths with no integrity verification · Documentation deception
registry.py hardcodes paths to ALPHAPAI_QUERY_SCRIPT and KB_ENGINE_SCRIPT pointing to scripts outside the skill's control. No checks verify these scripts haven't been tampered with.
ALPHAPAI_QUERY_SCRIPT = WORKSPACE_ROOT / 'skills/alphapai-scraper/scripts/query_comments.py'
→ Add path existence checks or hash verification before executing external scripts.
scripts/registry.py:14
Low
No dependency pinning · Supply chain
No requirements.txt, package.json, or Cargo.toml found. Python stdlib is used directly; the imported modules such as json, subprocess and pathlib are all built-in.
No dependency file
→ Create a requirements.txt or pyproject.toml to pin any third-party dependencies.
scripts/unified_query.py:1
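| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | NONE | WRITE | ✗ Exceeds declared | scripts/unified_query.py:29 - subprocess.run() |
| Command execution | NONE | WRITE | ✗ Exceeds declared | scripts/registry.py:47 - subprocess via build_exact_command() |
| Command execution | NONE | WRITE | ✗ Exceeds declared | scripts/publish_skill.py:58 - subprocess.run(clawhub) |
| File system | WRITE | WRITE | ✓ Consistent | scripts/unified_query.py:59 - Path.write_text() for reports |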

Directory structure

7 files · 27.8 KB · 849 lines
Python 5f · 754L Markdown 1f · 88L YAML 1f · 7L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 7L · 356 B
├─ 📁 scripts
│ ├─ 🐍 adapter_template.py Python 95L · 2.9 KB
│ ├─ 🐍 package_skill.py Python 51L · 1.1 KB
│ ├─ 🐍 publish_skill.py Python 105L · 2.6 KB
│ ├─ 🐍 registry.py Python 135L · 3.6 KB
│ └─ 🐍 unified_query.py Python 368L · 14.7 KB
└─ 📝 SKILL.md Markdown 88L · 2.5 KB

Security highlights

✓ No credential harvesting or sensitive path access observed
✓ No base64 encoding, eval(), or obfuscation detected
✓ No curl|bash or wget|sh remote script execution
✓ No direct IP network requests or C2 communication
✓ No hidden instructions in HTML comments or documentation
✓ File writes are limited to a controlled output directory in ~/.openclaw/data/
✓ subprocess is used for legitimate CLI tool invocation (alphapai-scraper, kb_engine, clawhub)