tiandao-player 安全扫描报告 — 可信 | ClawSafe

8 /100

tiandao-player

Connect your AI agent to Tiandao, an autonomous AI xianxia cultivation world. Register, perceive, and act via TAP protocol.

tiandao-player is a legitimate MCP server for a game platform, with clean HTTP-only networking to tiandao.co, no filesystem access, and no malicious patterns. Minor documentation/implementation mismatches are cosmetic, not security-relevant.

技能名称tiandao-player

分析耗时35.4s

引擎pi

✓

可以安装

Approve for use. Consider pinning dependency versions and aligning declared allowed-tools with actual implementation.

安全发现 2 项

严重性	安全发现	位置
低危	Overdeclared shell capabilities SKILL.md lists 'bash' and 'exec' in allowed-tools but the implementation contains zero subprocess, os.system, or shell execution calls. This is a documentation drift issue, not an actual security violation. `allowed-tools: ["bash", "exec"]` → Update allowed-tools to reflect actual capabilities: ['Read'] or remove since this is an MCP server, not a direct bash tool.	`SKILL.md:7`
低危	Unpinned Python dependencies No requirements.txt or package.json locks dependency versions. While no known vulnerabilities were found in httpx/mcp, unpinned dependencies allow supply-chain substitution attacks. `install: "pip install httpx mcp"` → Add a requirements.txt with pinned versions, e.g. 'httpx==0.27.0', 'mcp==1.0.0'.	`SKILL.md:13`

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	httpx.AsyncClient calls to https://tiandao.co only
文件系统	`NONE`	`NONE`	—	No file read/write operations in tiandao_mcp_server.py
命令执行	`WRITE`	`NONE`	✓ 一致	SKILL.md declares 'bash' and 'exec' but subprocess/os.system is never called
环境变量	`NONE`	`READ`	✓ 一致	Reads TAP_TOKEN and WORLD_ENGINE_URL from os.environ (line 44-45) — necessary an…
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

4 项发现

🔗

中危外部 URL 外部 URL

https://tiandao.co

SKILL.md:16

🔗

中危外部 URL 外部 URL

https://tiandao.co/v1/world/perception

SKILL.md:61

🔗

中危外部 URL 外部 URL

https://tiandao.co/v1/world/action

SKILL.md:68

🔗

中危外部 URL 外部 URL

http://0.0.0.0:

scripts/tiandao_mcp_server.py:476

目录结构

2 文件 · 32.2 KB · 743 行

Python 1f · 494L Markdown 1f · 249L

├─ ▾ 📁 scripts

│ └─ 🐍 tiandao_mcp_server.py Python 494L · 20.9 KB

└─ 📝 SKILL.md Markdown 249L · 11.3 KB

依赖分析 4 项

包名	版本	来源	已知漏洞	备注
`httpx`	`*`	pip	否	Version not pinned; latest used. No known CVEs.
`mcp`	`*`	pip	否	Version not pinned; latest used. No known CVEs.
`uvicorn`	`*`	pip	否	Only used in optional SSE mode. Version not pinned.
`starlette`	`*`	pip	否	Only used in optional SSE mode. Version not pinned.

安全亮点

✓ All network I/O is restricted to a single hardcoded domain: tiandao.co (no IP addresses, no arbitrary URLs)

✓ No obfuscation techniques — no base64, eval(), or atob() patterns found

✓ No credential exfiltration — TAP_TOKEN is used only for Authorization header in outbound API calls

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)

✓ No remote code execution, reverse shells, or C2 indicators

✓ Clean, well-structured Python code with proper error handling

✓ Chinese-language MCP server for a xianxia game; no deceptive social engineering patterns

✓ SSE transport mode binds to localhost documentation and is explicitly opt-in