High Risk — Risk Score 65/100
Enterprise Security
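Enterprise-grade security suite - confirmation of high-risk operations, automatic backup, rollback mechanism, skill security checks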
Skill uses undeclared shell execution with hardcoded database credentials to write directly to PostgreSQL memories, representing significant hidden functionality not documented in SKILL.md.
Skill Name: Enterprise Security
Duration: 37.6s
Engine: pi
Do not install this skill
This skill performs shell commands (docker exec with psql) and database writes that are not declared in documentation. If needed, it should be rewritten to use declared skill_invoke capabilities or remove the activate.js script entirely.

Attack Chain 5 steps

Entry: User installs skill thinking it's a simple security tool (SKILL.md:1)
Escalation: activate.js executes docker commands with execSync (activate.js:29)
Escalation: Hardcoded credentials stored in source code (activate.js:19)
Escalation: Database writes to PostgreSQL memories table (activate.js:28)
Impact: Attacker with code access could modify credentials or inject SQL (activate.js:28)

Findings 4 items

Severity Finding Location
High
Undeclared shell execution via execSync [RCE]
activate.js uses child_process.execSync to run docker commands that connect to PostgreSQL. This shell:WRITE capability is not declared anywhere in SKILL.md.
execSync(`docker exec -i pgmemory psql -U openclaw -d openclaw -c "${sql}"`
→ Remove shell execution capability or declare it in SKILL.md. Consider using API-based memory storage instead of raw docker/psql commands.
activate.js:29
High
Hardcoded database credentials [Credential Theft]
PostgreSQL credentials 'openclaw:pgmemory' are hardcoded in plaintext within activate.js. While not exfiltrated, storing credentials in code is a security anti-pattern.
const dbUri = 'postgresql://openclaw:pgmemory@localhost:15432/openclaw';
→ Move credentials to environment variables or configuration file. Never store credentials in source code.
activate.js:19
High
Documentation mismatch - hidden database/shell behavior [Doc Mismatch]
SKILL.md describes only file operations (backup, rollback, changelog), but the actual implementation includes database writes via docker exec and shell command execution. These capabilities are completely absent from the documentation.
SKILL.md describes 'confirmation of high-risk operations, automatic backup, rollback mechanism, skill security checks' but activate.js performs shell execution and database writes
→ Update SKILL.md to clearly document: 1) Shell command execution via execSync, 2) Database connectivity to PostgreSQL, 3) Docker command usage, 4) Any credential access patterns.
SKILL.md:1
Medium
Implicit database write access [Priv Escalation]
The skill performs INSERT operations on the memories table in PostgreSQL, implying database:WRITE access that is not declared.
INSERT INTO memories (agent, category, key, content, importance) VALUES...
→ Declare database access if this functionality is intentional and necessary.
activate.js:28
Resource | Declared | Inferred | Status | Evidence
Shell | NONE | WRITE | ✗ Violation | activate.js:29 execSync()
Filesystem | NONE | WRITE | ✗ Violation | activate.js:29 docker exec writes to PostgreSQL
Database | NONE | WRITE | ✗ Violation | activate.js:19 direct PostgreSQL access via docker exec

File Tree

8 files · 18.9 KB · 768 lines
JavaScript 7f · 528L Markdown 1f · 240L
├─ 📁 modules
│ ├─ 📜 backup.js JavaScript 65L · 1.7 KB
│ ├─ 📜 changelog.js JavaScript 45L · 1.2 KB
│ ├─ 📜 confirm.js JavaScript 60L · 1.6 KB
│ ├─ 📜 rollback.js JavaScript 89L · 2.1 KB
│ └─ 📜 security-check.js JavaScript 158L · 4.2 KB
├─ 📜 activate.js JavaScript 75L · 2.9 KB
├─ 📜 index.js JavaScript 36L · 933 B
└─ 📝 SKILL.md Markdown 240L · 4.3 KB

Security Positives

✓ Core modules (backup.js, rollback.js, changelog.js, confirm.js) use only safe fs operations documented in SKILL.md
✓ Security check module performs legitimate skill vetting with no suspicious behavior
✓ No base64 encoding, obfuscation, or anti-analysis patterns detected
✓ No data exfiltration observed in the main codebase
✓ No suspicious network requests to external IPs