High risk - risk score 65/100
Last scanned: 1 day ago
Enterprise Security
Enterprise-grade security suite - high-risk operation confirmation, automatic backup, rollback mechanism, skill security check
Skill uses undeclared shell execution with hardcoded database credentials to write directly to PostgreSQL memories, representing significant hidden functionality not documented in SKILL.md.
Skill name: Enterprise Security
Analysis time: 37.6s
Engine: pi
Do not install this skill
This skill performs shell commands (docker exec with psql) and database writes that are not declared in documentation. If needed, it should be rewritten to use declared skill_invoke capabilities or remove the activate.js script entirely.

Attack chain: 5 steps

Entry: User installs skill thinking it's a simple security tool
SKILL.md:1
Privilege escalation: activate.js executes docker commands with execSync
activate.js:29
Privilege escalation: Hardcoded credentials stored in source code
activate.js:19
Privilege escalation: Database writes to PostgreSQL memories table
activate.js:28
Impact: Attacker with code access could modify credentials or perform SQL injection
activate.js:28

Security findings: 4

Severity | Finding | Location
High
Undeclared shell execution via execSync [Code execution]
activate.js uses child_process.execSync to run docker commands that connect to PostgreSQL. This shell:WRITE capability is not declared anywhere in SKILL.md.
execSync(`docker exec -i pgmemory psql -U openclaw -d openclaw -c "${sql}"`
→ Remove shell execution capability or declare it in SKILL.md. Consider using API-based memory storage instead of raw docker/psql commands.
activate.js:29
High
Hardcoded database credentials [Credential theft]
PostgreSQL credentials 'openclaw:pgmemory' are hardcoded in plaintext within activate.js. While not exfiltrated, storing credentials in code is a security anti-pattern.
const dbUri = 'postgresql://openclaw:pgmemory@localhost:15432/openclaw';
→ Move credentials to environment variables or configuration file. Never store credentials in source code.
activate.js:19
High
Documentation mismatch - hidden database/shell behavior [Documentation deception]
SKILL.md describes only file operations (backup, rollback, changelog), but the actual implementation includes database writes via docker exec and shell command execution. These capabilities are completely absent from the documentation.
SKILL.md describes 'high-risk operation confirmation, automatic backup, rollback mechanism, skill security check' but activate.js performs shell execution and database writes
→ Update SKILL.md to clearly document: 1) Shell command execution via execSync, 2) Database connectivity to PostgreSQL, 3) Docker command usage, 4) Any credential access patterns.
SKILL.md:1
Medium
Implicit database write access [Privilege escalation]
The skill performs INSERT operations on the memories table in PostgreSQL, implying database:WRITE access that is not declared.
INSERT INTO memories (agent, category, key, content, importance) VALUES...
→ Declare database access if this functionality is intentional and necessary.
activate.js:28
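Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ Exceeds declared permission | activate.js:29 execSync()
File system | NONE | WRITE | ✗ Exceeds declared permission | activate.js:29 docker exec writes to PostgreSQL
Database | NONE | WRITE | ✗ Exceeds declared permission | activate.js:19 direct PostgreSQL access via docker exec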

Directory structure

8 files · 18.9 KB · 768 lines
JavaScript 7f · 528L Markdown 1f · 240L
├─ 📁 modules
│ ├─ 📜 backup.js JavaScript 65L · 1.7 KB
│ ├─ 📜 changelog.js JavaScript 45L · 1.2 KB
│ ├─ 📜 confirm.js JavaScript 60L · 1.6 KB
│ ├─ 📜 rollback.js JavaScript 89L · 2.1 KB
│ └─ 📜 security-check.js JavaScript 158L · 4.2 KB
├─ 📜 activate.js JavaScript 75L · 2.9 KB
├─ 📜 index.js JavaScript 36L · 933 B
└─ 📝 SKILL.md Markdown 240L · 4.3 KB

Security highlights

✓ Core modules (backup.js, rollback.js, changelog.js, confirm.js) use only safe fs operations documented in SKILL.md
✓ Security check module performs legitimate skill vetting with no suspicious behavior
✓ No base64 encoding, obfuscation, or anti-analysis patterns detected
✓ No data exfiltration observed in the main codebase
✓ No suspicious network requests to external IPs