system-controller 安全扫描报告 — 低风险 | ClawSafe

15 /100

system-controller

Control Windows desktop software, hardware, and IoT devices

A legitimate Windows system control skill with well-documented capabilities; one unused shell:WRITE function (run_cmd with shell=True) exists as a latent risk but poses no active threat since it is never invoked by any module.

技能名称system-controller

分析耗时46.3s

引擎pi

✓

可以安装

Remove or lock down the unused run_cmd() function in scripts/common.py (shell=True + no argument validation). Otherwise the skill is safe to use for its stated purpose.

安全发现 3 项

严重性	安全发现	位置
低危	Unused shell=True execution path in common.py scripts/common.py defines run_cmd() which uses subprocess.run(shell=True) and passes os.environ.copy() to child processes. This function is never called by any module but is a latent risk: if ever invoked with untrusted input it could enable command injection. The function is also not declared in SKILL.md. `result = subprocess.run(command, capture_output=True, text=True, encoding='utf-8', errors='replace', timeout=timeout, shell=True, env=env)` → Remove run_cmd() entirely if unused, or restrict it to an allowlist of safe commands.	`scripts/common.py:44`
低危	Generic HTTP client accepts arbitrary URLs iot_controller.py's http_get/http_post/http_put accept any URL provided by the user and send arbitrary headers/body. While documented, this means the skill can be used as a general HTTP proxy if the user provides an arbitrary URL. `def http_get(url, path='', headers=None)` → This is by design for IoT use cases; document the limitation clearly.	`scripts/iot_controller.py:89`
提示	Auto-install of pip packages without version pinning iot_controller.py, serial_comm.py, and gui_controller.py auto-install dependencies via pip with no version constraints (pip install requests, pyserial, pyautogui, pillow). This is declared in SKILL.md but versions are unpinned, creating a supply-chain exposure. `subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'requests', '-q'])` → Pin dependency versions (e.g., pip install requests==2.31.0) to ensure reproducible and secure builds.	`scripts/iot_controller.py:23`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	All scripts use subprocess.run/powershell — declared in SKILL.md Execution Model
文件系统	`NONE`	`READ`	✓ 一致	gui_controller.py:49 — screenshots written to screenshots/ subdir; not declared …
网络访问	`READ`	`READ`	✓ 一致	iot_controller.py makes HTTP GET/POST to user-supplied Home Assistant URLs; decl…
浏览器	`NONE`	`NONE`	—	N/A — no browser automation present
数据库	`NONE`	`NONE`	—	N/A
剪贴板	`NONE`	`NONE`	—	N/A
环境变量	`NONE`	`READ`	✓ 一致	common.py:29 os.environ.copy() — only used to inject PYTHONIOENCODING; not used …
技能调用	`NONE`	`NONE`	—	N/A

3 项发现

🔗

中危外部 URL 外部 URL

http://192.168.1.100:8123

references/command_reference.md:170

🔗

中危外部 URL 外部 URL

http://192.168.1.50:8080

references/command_reference.md:190

🔗

中危外部 URL 外部 URL

http://192.168.1.50/api

scripts/iot_controller.py:14

目录结构

9 文件 · 95.0 KB · 2758 行

Python 7f · 2274L Markdown 2f · 484L

├─ ▾ 📁 references

│ └─ 📝 command_reference.md Markdown 227L · 6.4 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 common.py Python 79L · 2.2 KB

│ ├─ 🐍 gui_controller.py Python 655L · 23.3 KB

│ ├─ 🐍 hardware_controller.py Python 414L · 12.8 KB

│ ├─ 🐍 iot_controller.py Python 314L · 11.4 KB

│ ├─ 🐍 process_manager.py Python 197L · 6.4 KB

│ ├─ 🐍 serial_comm.py Python 256L · 8.2 KB

│ └─ 🐍 window_manager.py Python 359L · 12.2 KB

└─ 📝 SKILL.md Markdown 257L · 12.2 KB

依赖分析 5 项

包名	版本	来源	已知漏洞	备注
`requests`	`*`	pip	否	Version not pinned; auto-installed by iot_controller.py
`pyserial`	`*`	pip	否	Version not pinned; auto-installed by serial_comm.py
`pyautogui`	`*`	pip	否	Version not pinned; auto-installed by gui_controller.py
`pillow`	`*`	pip	否	Version not pinned; auto-installed by gui_controller.py
`pytesseract`	`*`	pip	否	Optional; version not pinned; used for OCR in gui_controller.py

安全亮点

✓ All six modules' capabilities fully match SKILL.md declarations — no hidden functionality

✓ Process kill, shutdown, restart, and network adapter disable all require explicit user confirmation per SKILL.md safety rules

✓ No credential harvesting from ~/.ssh, ~/.aws, .env, or similar sensitive paths

✓ No base64-encoded payloads, reverse shells, eval() calls, or obfuscated code

✓ No remote script download (curl|bash, wget|sh patterns absent)

✓ No data exfiltration to external IPs — IoT calls go to user-supplied local URLs

✓ os.environ access is minimal (only PYTHONIOENCODING injection) with no sensitive key enumeration

✓ Input escaping present for PowerShell strings (replace "'", "''") to prevent injection