ClawChimera · 融合怪测试 ECS 安全扫描报告 — 低风险 | ClawSafe

15 /100

ClawChimera · 融合怪测试 ECS

基于 oneclickvirt/ecs 的 VPS 全方位性能与网络测试 Skill，支持 CPU/内存/磁盘基准、流媒体解锁、IP 质量、三网路由等 12 项测试。

This is a legitimate open-source VPS benchmarking tool (oneclickvirt/ecs) with clear documentation, MIT-0 license, and publicly verifiable GitHub source. The main concern is that the default `-upload=true` behavior sends test results to a public pastebin without explicit emphasis in SKILL.md.

技能名称ClawChimera · 融合怪测试 ECS

分析耗时48.8s

引擎pi

✓

可以安装

Consider explicitly documenting the default upload behavior and adding `-upload=false` as the safer default, or prompting for user confirmation before uploading.

安全发现 4 项

严重性	安全发现	位置
低危	Upload-to-pastebin default not prominently documented 文档欺骗 SKILL.md usage section describes 'bash run.sh' without mentioning that -upload=true (the default) causes test results to be uploaded to a public pastebin (likely box-js or similar). Users may unknowingly expose their VPS configuration and IP address publicly. `"$binary" -menu=false "$@" # -upload defaults to true, not -upload=false` → Either change the default to -upload=false in run.sh, or prominently document the upload behavior in SKILL.md with a warning about data exposure.	`run.sh:295`
低危	Undeclared clipboard access in analyze.sh 敏感访问 The --copy flag in analyze.sh accesses system clipboard via xclip/xsel/pbcopy, which constitutes clipboard:WRITE access not declared in SKILL.md capability section. `xclip -selection clipboard \| xsel --clipboard --input \| pbcopy` → Declare clipboard:WRITE in the skill's capability manifest if clipboard access is a core feature.	`analyze.sh:327`
低危	Undeclared local AI tool invocation 文档欺骗 The --call-ai flag in analyze.sh can invoke local AI tools (llm, aichat, ollama) by piping the analysis prompt to them. This is a skill_invoke:WRITE capability that is not declared. `llm \| aichat \| ollama run "$MODEL"` → Document this capability or restrict --call-ai to an opt-in mode with explicit user confirmation.	`analyze.sh:339`
提示	Binary not pinned to a specific version 供应链 run.sh dynamically fetches the latest version tag from GitHub API rather than pinning a known-good version. While GitHub releases are versioned, this introduces a time-of-check-time-of-use (TOCTOU) risk where a new release could break functionality or introduce unexpected behavior. `ver=$(http_text "$GITHUB_API" \| grep '"tag_name"' ...)` → Consider pinning a known-good version in skill.json (e.g., env: { ECS_VERSION: "1.2.3" }) and using that for downloads.	`run.sh:144`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	run.sh:295 - "$binary" -menu=false "$@"
文件系统	`READ`	`READ`	✓ 一致	run.sh:298 - cat "$result_file"; analyze.sh reads goecs.txt
网络访问	`READ`	`READ`	✓ 一致	run.sh:144-211 downloads binary from GitHub/CDN; ipapi.co/ip-api.com for geo det…
剪贴板	`NONE`	`WRITE`	✓ 一致	analyze.sh:327-336 --copy flag uses xclip/xsel/pbcopy
技能调用	`NONE`	`WRITE`	✓ 一致	analyze.sh:338-354 --call-ai invokes llm/aichat/ollama

16 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/license-GPL--3.0-green.svg

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/upstream-oneclickvirt%2Fecs-orange.svg

README.md:4

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/platform-clawhub.ai-blue.svg

README.md:5

🔗

中危外部 URL 外部 URL

https://clawhub.ai

README.md:5

🔗

中危外部 URL 外部 URL

https://clawhub.ai/upload

README.md:27

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/go-1.22+-blue.svg

README.md:154

🔗

中危外部 URL 外部 URL

https://golang.org

README.md:154

🔗

中危外部 URL 外部 URL

https://opensource.org/licenses/MIT-0

SKILL.md:102

🔗

中危外部 URL 外部 URL

https://cdn0.spiritlhl.top/

run.sh:31

🔗

中危外部 URL 外部 URL

http://cdn3.spiritlhl.net/

run.sh:31

🔗

中危外部 URL 外部 URL

http://cdn1.spiritlhl.net/

run.sh:31

🔗

中危外部 URL 外部 URL

http://cdn2.spiritlhl.net/

run.sh:31

🔗

中危外部 URL 外部 URL

https://ipapi.co/json

run.sh:127

🔗

中危外部 URL 外部 URL

http://ip-api.com/json/?fields=countryCode

run.sh:131

🔗

中危外部 URL 外部 URL

https://cnb.cool/api/v1/repos/oneclickvirt/ecs/releases/latest

run.sh:148

🔗

中危外部 URL 外部 URL

https://cnb.cool/oneclickvirt/ecs/-/releases/download/v$

run.sh:211

目录结构

6 文件 · 59.9 KB · 1557 行

Shell 3f · 844L Markdown 2f · 530L JSON 1f · 183L

├─ 🔧 analyze.sh Shell 450L · 22.1 KB

├─ 🔧 pack.sh Shell 38L · 1.1 KB

├─ 📝 README.md Markdown 428L · 13.1 KB

├─ 🔧 run.sh Shell 356L · 15.4 KB

├─ 📋 skill.json JSON 183L · 4.8 KB

└─ 📝 SKILL.md Markdown 102L · 3.4 KB

依赖分析 5 项

包名	版本	来源	已知漏洞	备注
`goecs (binary)`	`latest (dynamic)`	GitHub Releases	否	Binary fetched at runtime from github.com/oneclickvirt/ecs; version not pinned
`curl`	`any`	system	否	Preferred download tool, falls back to wget
`wget`	`any`	system	否	Fallback download tool
`unzip`	`any`	system	否	Used to extract goecs zip; falls back to python3
`python3`	`any`	system	否	Fallback unzip; also used for analysis parsing

安全亮点

✓ Open-source project (MIT-0 license) with publicly verifiable source at github.com/oneclickvirt/ecs

✓ Skill metadata is well-structured and comprehensive in skill.json

✓ No obfuscation or encoded payloads detected — all scripts are plain shell

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files

✓ No credential harvesting or environment variable exfiltration

✓ No persistence mechanisms (no cron, no startup hooks, no backdoors)

✓ Binary downloaded over HTTPS from GitHub with CDN fallback

✓ Multiple fallback download sources to avoid single point of failure

✓ Cache directory is sandboxed to ~/.cache/clawchimera/ with version isolation

✓ No base64-encoded commands or eval() patterns

✓ Uses standard CLI tools (curl/wget, unzip/python) rather than custom binaries