Skill Trust Decision

nim-ensemble / free-scaling

Name: nim-ensemble / free-scaling Trust Review Report
Item: nim-ensemble / free-scaling
Rating: 60
Author: ClawSafe

免费AI模型集成库，代码功能正常但存在文档未声明的凭证访问行为(Copilot token刷新机制扫描本地GitHub OAuth令牌)，存在文档-行为差异。

Install decision first Source: ClawHub Scanned: Apr 6, 2026

Files 18

Artifacts 3

Violations 0

Findings 3

Why this conclusion was reached

0/4 dimensions flagged

Pass

Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review

Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Pass

Attack chain and severe findings

There is no explicit malicious chain in the report.

Pass

Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

未声明的凭证访问 +20

_refresh_copilot_token() 扫描 ~/.openclaw/agents/*/auth-profiles.json 查找 ghu_* GitHub OAuth令牌，用于刷新Copilot会话

文档-行为差异 +15

SKILL.md未提及Copilot API集成和GitHub OAuth认证机制

隐蔽依赖 +5

依赖 OPENCLAW_WORKSPACE 环境变量访问外部凭证目录

Most important evidence

Medium Doc Mismatch

Copilot token刷新机制未在文档中声明

_refresh_copilot_token() 函数扫描本地auth-profiles.json文件查找GitHub OAuth令牌(ghu_*)以刷新Copilot API会话令牌，但SKILL.md未提及此功能或GitHub Copilot集成。

nim_ensemble/voter.py:73-91

在SKILL.md中明确声明使用GitHub Copilot API及OAuth认证机制

Low Priv Escalation

依赖OpenClaw凭证存储目录

代码依赖 ~/.openclaw/credentials/ 存储Copilot会话令牌，且会读取其他agent的auth-profiles.json，存在凭证访问边界超出skill范围的潜在问题。

nim_ensemble/voter.py:56-57

考虑使用skill独立的凭证存储机制，而非依赖OpenClaw全局存储

Low Supply Chain

无版本锁定的间接依赖

代码使用Python标准库 urllib.request 作为HTTP客户端，虽无外部依赖但也意味着没有安全更新机制。

nim_ensemble/voter.py:119-142

保持stdlib使用即可，注意Python版本安全性

Declared capability vs actual capability

Filesystem Pass

Declared NONE

→

Inferred READ

voter.py:73-91 扫描 auth-profiles.json

Network Pass

Declared WRITE

→

Inferred WRITE

urllib NIM/Copilot API调用

Environment Pass

Declared READ

→

Inferred READ

读取 NVIDIA_API_KEY

Shell Pass

Declared NONE

→

Inferred NONE

无subprocess调用

Suspicious artifacts and egress

Medium External URL

https://build.nvidia.com

README.md:3

Medium External URL

https://integrate.api.nvidia.com/v1/chat/completions

nim_ensemble/models.py:3

Medium External URL

https://api.individual.githubcopilot.com/chat/completions

nim_ensemble/voter.py:39

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
urllib	`stdlib`	Python	No	标准库HTTP客户端，无外部依赖

File composition

18 files · 4916 lines

Python 16 files · 4526 linesMarkdown 2 files · 390 lines

Files of concern · 2

nim_ensemble/voter.py Python · 453 lines

Copilot token刷新机制未在文档中声明 · 依赖OpenClaw凭证存储目录 · 无版本锁定的间接依赖 · https://api.individual.githubcopilot.com/chat/completions

README.md Markdown · 194 lines

https://build.nvidia.com

Other files · cascade.py · test_core.py · capability_map.py · audit.py · benchmark.py · generate.py +4

18 files · 171.9 KB · 4916 lines

Python 16f · 4526LMarkdown 2f · 390L

├─ ▾ 📁 nim_ensemble

│ ├─ 🐍 __init__.py Python 57L · 1.9 KB

│ ├─ 🐍 benchmark.py Python 385L · 13.3 KB

│ ├─ 🐍 capability_map.py Python 401L · 15.1 KB

│ ├─ 🐍 cascade.py Python 702L · 26.0 KB

│ ├─ 🐍 cli.py Python 227L · 8.1 KB

│ ├─ 🐍 elo.py Python 247L · 7.9 KB

│ ├─ 🐍 evolve.py Python 103L · 3.4 KB

│ ├─ 🐍 feedback.py Python 294L · 9.7 KB

│ ├─ 🐍 generate.py Python 338L · 11.7 KB

│ ├─ 🐍 health.py Python 124L · 3.9 KB

│ ├─ 🐍 models.py Python 206L · 5.9 KB

│ ├─ 🐍 parser.py Python 111L · 4.0 KB

│ └─ 🐍 voter.py Python 453L · 15.2 KB

├─ ▾ 📁 presets

│ ├─ 🐍 __init__.py Python 1L · 59 B

│ └─ 🐍 audit.py Python 391L · 14.1 KB

├─ ▾ 📁 tests

│ └─ 🐍 test_core.py Python 486L · 18.2 KB

├─ 📝 README.md Markdown 194L · 6.7 KB

└─ 📝 SKILL.md Markdown 196L · 6.8 KB

Security positives

代码结构清晰，无恶意行为证据

使用urllib代替curl/subprocess避免shell注入

无eval/exec/execfile等危险函数

无base64解码执行或代码混淆

API调用目标明确(NVIDIA NIM + GitHub Copilot)，无隐蔽C2通信

使用tempfile原子写入保护状态文件

线程锁保护并发状态读写

测试覆盖全面，包含安全相关测试(如否定解析)