Low risk — risk score 22/100
Last scan: 1 day ago
115-skills
Smart management for the 115 cloud drive: QR-code login, file browsing, search, saving shared links, offline download, smart organization
This is a legitimate 115 cloud disk management skill with primarily benign code, but contains minor security concerns: an undeclared Puppeteer browser-automation module, disabled SSL verification in HTTP client, and hard-coded test IPs in User-Agent strings.
Skill name: 115-skills
Analysis time: 62.1s
Engine: pi
Verdict: can be installed
Review the unused auth-puppeteer.js module before production use, remove or document the rejectUnauthorized:false setting in lib/auth-web.js, and replace hard-coded IPs in User-Agent strings with actual version identifiers. Overall the code performs its stated 115 cloud management functions without evidence of credential theft or data exfiltration.

Security findings: 5

Medium: Undeclared Puppeteer headless browser module [documentation deception]
lib/auth-puppeteer.js contains a complete Puppeteer-based authentication module that launches a headless Chrome browser, navigates to 115.com, extracts QR codes from the DOM, and captures cookies. This module is not instantiated in index.js and is not declared in SKILL.md. While it is currently dead code, its presence is a significant undeclared capability that could be activated to perform browser automation and DOM scraping.
Code: this.browser = await puppeteer.launch({ headless: 'new', args: ['--no-sandbox', '--disable-setuid-sandbox'] })
→ Either remove the auth-puppeteer.js file if unused, or explicitly declare its browser automation capability in SKILL.md with proper documentation of what data it accesses from web pages.
Location: lib/auth-puppeteer.js:15

Low: Unpinned dependency versions in package.json [supply chain]
Several packages in package.json use caret (^) version ranges, including axios@^1.6.0, puppeteer@^24.39.1, qrcode@^1.5.3, and qs@^6.15.0. While these are all legitimate and widely used packages, unpinned versions allow a compromised minor or patch release to be pulled in automatically, which is a supply-chain risk.
Code: "axios": "^1.6.0", "puppeteer": "^24.39.1", "qrcode": "^1.5.3", "qs": "^6.15.0"
→ Pin all dependency versions to exact versions (remove the ^ prefix) and consider verifying checksums. Use package-lock.json or yarn.lock and commit it to ensure reproducible builds.
Location: package.json:29

Low: Disabled TLS certificate verification [sensitive access]
lib/auth-web.js sets rejectUnauthorized: false in the HTTPS agent configuration. This disables SSL/TLS certificate verification for all outbound HTTPS requests to 115.com, leaving the HTTP client open to man-in-the-middle attacks.
Code: httpsAgent: new https.Agent({ rejectUnauthorized: false })
→ Remove the rejectUnauthorized: false setting. The default Node.js behavior of verifying TLS certificates is a critical protection. If TLS verification fails in production, investigate the root cause rather than disabling it.
Location: lib/auth-web.js:21

Info: Hard-coded test IP addresses in User-Agent strings [documentation deception]
Two placeholder IP addresses appear in User-Agent headers: '120.0.0.0' in lib/auth-puppeteer.js line 39, and '23.9.3.2' in lib/auth.js line 20 (User-Agent: 'Mozilla/5.0 115Browser/23.9.3.2'). These appear to be test/fake IP addresses used as version identifiers. They are not used as network connection targets, so they are not active C2 indicators. However, the '23.9.3.2' string is suspicious because it could be mistaken for a command-and-control IP.
Code: 'User-Agent': 'Mozilla/5.0 115Browser/23.9.3.2'
→ Replace hard-coded test IPs with legitimate application version strings. The '23.9.3.2' should be replaced with the actual 115Browser version or a generic user agent.
Location: lib/auth.js:20

Info: Undeclared filesystem write access [privilege escalation]
SKILL.md declares only 'Read, Grep, Glob, Bash' as allowed-tools, but the cookie-store.js module performs filesystem WRITE operations to create and write to ~/.openclaw/115-cookie.json. While this is necessary for cookie persistence, it is not declared in the skill documentation.
Code: fs.writeFileSync(this.storagePath, encrypted, { mode: 0o600 })
→ Update SKILL.md to document that the skill writes encrypted cookie data to ~/.openclaw/115-cookie.json as part of its login persistence feature.
Location: lib/storage/cookie-store.js:17
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ consistent | index.js uses fs via cookie-store.js for storing encrypted cookies at ~/.opencla…
Network access | NONE | READ | ✗ exceeds declaration | All lib/* modules make outbound HTTP requests to 115.com APIs via axios; not dec…
Command execution | WRITE | NONE | ✓ consistent | Bash is declared in allowed-tools but no shell commands are executed in the code…
Environment variables | NONE | READ | ✓ consistent | lib/storage/cookie-store.js reads process.env.HOME to determine storage path
Browser | NONE | READ | ✗ exceeds declaration | lib/auth-puppeteer.js uses Puppeteer to launch headless Chrome, screenshot pages…
Database | NONE | NONE | | No database access detected
Indicators: 14 found (2 high)

Severity | Type | Value | Location
High | Hard-coded IP address | 120.0.0.0 | lib/auth-puppeteer.js:39
High | Hard-coded IP address | 23.9.3.2 | lib/auth.js:20
Medium | External URL | https://115.com/s/SHARE_CODE | SKILL.md:148
Medium | External URL | https://115.com/s/xxx | index.js:207
Medium | External URL | https://115.com/ | lib/auth-puppeteer.js:42
Medium | External URL | https://passport.115.com/qrcode/generate | lib/auth-web.js:90
Medium | External URL | https://passportapi.115.com | lib/auth.js:13
Medium | External URL | https://webapi.115.com | lib/auth.js:14
Medium | External URL | https://my.115.com/?ct=ajax&ac=nav | lib/auth.js:250
Medium | External URL | https://uplb.115.com | lib/files/transfer.js:17
Medium | External URL | https://lixian.115.com | lib/lixian/download.js:15
Medium | External URL | https://115.com/s/abc123 | lib/share/transfer.js:23
Medium | External URL | https://115.com/s/abc123?password=xyzw | lib/share/transfer.js:25
Medium | External URL | https://115.com/s/$ | lib/share/transfer.js:237

Directory structure

28 files · 226.6 KB · 9007 lines
JavaScript: 26 files · 8729 lines; Markdown: 1 file · 222 lines; JSON: 1 file · 56 lines
├─ 📁 lib
│ ├─ 📁 client
│ │ └─ 📜 http-client.js JavaScript 315L · 8.0 KB
│ ├─ 📁 context
│ │ ├─ 📜 history-manager.js JavaScript 517L · 12.1 KB
│ │ └─ 📜 session-context.js JavaScript 298L · 6.4 KB
│ ├─ 📁 error
│ │ └─ 📜 error-handler.js JavaScript 430L · 11.1 KB
│ ├─ 📁 files
│ │ ├─ 📜 batch-operations.js JavaScript 467L · 11.8 KB
│ │ ├─ 📜 browser.js JavaScript 275L · 6.2 KB
│ │ ├─ 📜 operations.js JavaScript 289L · 7.0 KB
│ │ └─ 📜 transfer.js JavaScript 257L · 6.5 KB
│ ├─ 📁 lixian
│ │ ├─ 📜 download.js JavaScript 274L · 6.5 KB
│ │ └─ 📜 lixian-manager.js JavaScript 523L · 13.2 KB
│ ├─ 📁 organizer
│ │ ├─ 📜 classifier.js JavaScript 153L · 4.3 KB
│ │ ├─ 📜 clean-advisor.js JavaScript 486L · 13.7 KB
│ │ └─ 📜 smart-organizer.js JavaScript 289L · 8.0 KB
│ ├─ 📁 parser
│ │ └─ 📜 command-parser.js JavaScript 326L · 8.6 KB
│ ├─ 📁 recommender
│ │ └─ 📜 action-recommender.js JavaScript 459L · 11.0 KB
│ ├─ 📁 share
│ │ ├─ 📜 share-manager.js JavaScript 363L · 9.1 KB
│ │ └─ 📜 transfer.js JavaScript 317L · 8.2 KB
│ ├─ 📁 storage
│ │ └─ 📜 cookie-store.js JavaScript 218L · 5.3 KB
│ ├─ 📁 ui
│ │ ├─ 📜 progress-display.js JavaScript 358L · 9.1 KB
│ │ └─ 📜 response-builder.js JavaScript 560L · 14.2 KB
│ ├─ 📁 utils
│ │ └─ 📜 helpers.js JavaScript 32L · 574 B
│ ├─ 📜 auth-puppeteer.js JavaScript 304L · 7.9 KB
│ ├─ 📜 auth-web.js JavaScript 262L · 6.0 KB
│ ├─ 📜 auth.js JavaScript 315L · 7.8 KB
│ └─ 📜 session.js JavaScript 297L · 6.6 KB
├─ 📜 index.js JavaScript 345L · 9.8 KB
├─ 📋 package.json JSON 56L · 1.5 KB
└─ 📝 SKILL.md Markdown 222L · 6.3 KB

Dependency analysis: 5 packages

Package | Version | Source | Known vulnerabilities and notes
axios | ^1.6.0 | npm | Version not pinned; CVE-2023-45857 applies to versions <1.5.0, so ^1.6.0 should be safe
puppeteer | ^24.39.1 | npm | Heavy dependency; version not pinned; present as dead code
qrcode | ^1.5.3 | npm | Version not pinned; used for QR code generation
qs | ^6.15.0 | npm | Version not pinned; used for query string serialization
form-data | ^4.0.0 | npm | Version not pinned; used for multipart form data

Security highlights

✓ Credential storage uses AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations, sha256) — strong cryptographic practices
✓ Machine-specific encryption key derived from hostname+platform+arch — credentials are not portable across machines
✓ Cookie file is stored with 0o600 permissions (owner-only read/write) — appropriate file permissions
✓ No evidence of credential exfiltration — credentials stay local and encrypted
✓ No base64-encoded payloads or eval() usage found — clean code execution model
✓ No curl|bash or wget|sh patterns — no remote script execution
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive credential paths
✓ No hidden instructions in HTML comments or strings
✓ All network requests target legitimate 115.com infrastructure (webapi.115.com, passport.115.com, etc.) — no suspicious external IPs contacted
✓ Disable-model-invocation flag properly set for high-risk operations — appropriate operational safety controls