Low risk (risk score 15/100)
Last scanned: 2 days ago
catchclaw
Search, install, and export agentars and teams from the CatchClaw marketplace
A legitimate agentar/team package manager with well-documented behavior, no malicious code, and appropriate security controls including path traversal protection, sensitive file filtering, and read-only network access.
Skill name: catchclaw
Analysis time: 50.4s
Engine: pi
OK to install
No action needed. The skill is safe for use. Optionally document the subprocess invocation in SKILL.md for transparency.

Security findings: 4

Severity / Finding / Location
Low
Subprocess invocation not documented in SKILL.md
The CLI uses spawnSync to invoke the 'openclaw' binary (agent creation, metadata enrichment). This is not declared in SKILL.md's metadata. The subprocess uses shell:false with array args, making command injection impossible. This is standard CLI behavior.
const { spawnSync } = _require(`node:${_cp}`)
→ Add to SKILL.md metadata under 'bins': 'openclaw' (optional), and note that the CLI invokes openclaw for agent creation and metadata enrichment.
agentar_cli.mjs:180
Low
Trusted path list is a defense-in-depth measure — not in docs
The CLI restricts openclaw binary lookup to known-safe directories (TRUSTED_PATH_PREFIXES). This is good security hygiene but not declared in documentation.
const TRUSTED_PATH_PREFIXES = ...
→ No action needed — this is an internal hardening measure.
agentar_cli.mjs:133
Info
Configurable API base URL
The default API endpoint is hardcoded (https://catchclaw.me) but can be overridden via --api-base-url flag or AGENTAR_API_BASE_URL env var. This is documented in SKILL.md.
AGENTAR_API_BASE_URL — Override the default API base URL
→ No action needed — this is documented and normal for CLI tools.
SKILL.md:47
Info
Sensitive file filtering on export
The CLI filters .credentials, .env, .secret, .key, .pem files during export and skips them from ZIP packages. This is correctly documented in SKILL.md.
const SENSITIVE_PATTERNS = [".credentials", ".env", ".secret", ".key", ".pem"];
→ No action needed — this is a positive security feature.
agentar_cli.mjs:80
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | WRITE | WRITE | ✓ Consistent | SKILL.md lines 52-58 + agentar_cli.mjs:reads/writes ~/.agentar/, ~/.openclaw/, ~… |
| Network access | READ | READ | ✓ Consistent | SKILL.md line 6 + agentar_cli.mjs:httpGetJson/httpDownload — GET-only, no POST/u… |
| Command execution | NONE | WRITE (subprocess) | ✓ Consistent | agentar_cli.mjs:findOpenclawBin+spawnOpenclawSync spawn openclaw binary (shell:f… |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md lines 47-51 + agentar_cli.mjs:AGENTAR_HOME, AGENTAR_API_BASE_URL |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser access found |
| Database | NONE | NONE | | No database access found |
| Skill invocation | NONE | NONE | | No skill invocation found |
2 findings
Medium: External URL
https://catchclaw.me
SKILL.md:69
Medium: External URL
https://nodejs.org/
SKILL.md:273

Directory structure

2 files · 101.4 KB · 2721 lines
JavaScript 1f · 2437L Markdown 1f · 284L
├─ 📜 agentar_cli.mjs JavaScript 2437L · 88.2 KB
└─ 📝 SKILL.md Markdown 284L · 13.2 KB

Dependency analysis: 7 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| node:fs | built-in | Node.js | | Built-in module only |
| node:http | built-in | Node.js | | Built-in module only |
| node:https | built-in | Node.js | | Built-in module only |
| node:os | built-in | Node.js | | Built-in module only |
| node:path | built-in | Node.js | | Built-in module only |
| node:readline | built-in | Node.js | | Built-in module only |
| node:zlib | built-in | Node.js | | Built-in module only |

Security highlights

✓ No third-party dependencies — uses only Node.js built-in modules (fs, http, https, os, path, zlib, readline)
✓ Network operations are strictly read-only GET requests — no POST, no data exfiltration
✓ Path traversal protection: ZIP entries with '..' or absolute paths are rejected
✓ Symlink rejection in ZIP extraction
✓ Decompression bomb protection: 500 MB decompressed size limit, 10000 entry limit
✓ Sensitive files (.credentials, .env, .secret, .key, .pem) are filtered during export
✓ TRUSTED_PATH_PREFIXES restricts binary lookup to known-safe directories, mitigating PATH hijacking
✓ openclaw subprocess uses shell:false with array args — no command injection possible
✓ API key stored in skills/.credentials with .gitignore entry — local-only, not transmitted
✓ Automatic workspace backup before overwrite/rollback
✓ Version conflict detection with user confirmation prompts