Skill Trust Decision

task-progress-stream

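The skill's functionality looks reasonable on the surface, but it performs several side-effect operations that its documentation does not declare: writing status files to a local directory, communicating locally through the openclaw gateway, and executing shell commands. It lacks sensitive-path isolation and a command allowlist mechanism, so there is a risk of it being abused to execute arbitrary commands.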

Install decision first Source: ClawHub Scanned: Apr 6, 2026
Files 2
Artifacts 0
Violations 4
Findings 4
Most direct threat evidence

Why this conclusion was reached

1/4 dimensions flagged
Block
Declared vs actual capability

4 undeclared or violating capabilities were inferred.

Pass
Hidden execution and egress

No obvious high-risk egress or execution signals were found.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

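Undeclared filesystem write +10

SKILL.md does not state that it writes to the $cwd/runs/task-progress-stream/ directory

Communication via openclaw gateway +5

Interaction with the local openclaw gateway is not declared

Overly broad shell execution permission +15

Uses /bin/bash -lc to execute arbitrary user commands, with no command allowlist

Process-group management may kill unintended processes +5

process.kill(-child.pid) may affect unrelated processes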

Most important evidence

Medium Doc Mismatch

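Status file writes not declared

The code writes progress status to $cwd/runs/task-progress-stream/*.status.json and *.status.md; SKILL.md does not mention this at all

scripts/task_progress_stream.js:206
SKILL.md should explicitly state the location and contents of the output files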
Medium Doc Mismatch

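OpenClaw Gateway communication not declared

The code interacts with the local chat system by spawning openclaw gateway call chat.inject; SKILL.md does not mention this behavior

scripts/task_progress_stream.js:244
SKILL.md should state that it calls the OpenClaw API to inject messages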
Medium RCE

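Unrestricted arbitrary shell command execution

The --cmd argument is passed directly to /bin/bash -lc for execution, so any shell command can be run; there is no command allowlist or path restriction

scripts/task_progress_stream.js:298
Consider adding an --allowed-commands parameter to restrict what can be executed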
Low Priv Escalation

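Process-group management may kill system processes by mistake

process.kill(-child.pid) uses a negative PID to kill the entire process group, which may unintentionally terminate unrelated processes

scripts/task_progress_stream.js:330
Consider killing only the child process rather than the entire process group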

Declared capability vs actual capability

Filesystem Block
Declared NONE
Inferred WRITE
scripts/task_progress_stream.js:206-207 writeJson/writeText write the status files
Shell Block
Declared NONE
Inferred WRITE
scripts/task_progress_stream.js:298 spawn '/bin/bash' '-lc' cmd
Environment Block
Declared NONE
Inferred READ
scripts/task_progress_stream.js:292 cwd parameter comes from the user
Network Block
Declared NONE
Inferred READ
scripts/task_progress_stream.js:244 spawn openclaw gateway local communication

Suspicious artifacts and egress

No obvious IOC was extracted.

Dependencies and supply chain

There are no structured dependency warnings.

File composition

2 files · 528 lines
JavaScript 1 file · 473 lines
Markdown 1 file · 55 lines
Files of concern · 1
scripts/task_progress_stream.js JavaScript · 473 lines
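Status file writes not declared · OpenClaw Gateway communication not declared · Unrestricted arbitrary shell command execution · Process-group management may kill system processes by mistake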
Other files · SKILL.md

Security positives

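No external network requests; only local openclaw communication
No credential theft or environment-variable enumeration
No Base64 or obfuscated code
No instructions hidden in HTML comments
Core functionality (progress parsing) is implemented reasonably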