Trusted: risk score 5/100
Last scan: 2 days ago
smart-search
Intelligent web search routing across Gemini and Brave APIs with quota management, circuit breaker, and web_fetch fallback
Well-architected search routing skill with robust security controls including SSRF protection, prompt injection defense, proper API key handling, and clear documentation matching implementation.
Skill name: smart-search
Analysis time: 37.1s
Engine: pi
Status: installable
This skill is safe to deploy. The only flagged IOC (169.254.0.0) is a legitimate security feature - the isSafeUrl() function correctly blocks APIPA addresses as part of SSRF protection.

Security findings: 1

Severity | Finding | Location
Low | Dependency version not strictly pinned | package.json:7
  package.json uses caret range ^4.1.2 for proper-lockfile. While not a direct vulnerability, exact pinning prevents supply chain surprises.
  "proper-lockfile": "^4.1.2"
  → Consider pinning to exact version "4.1.2" for reproducible builds.
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ consistent | index.js:29 - reads openclaw.json and quota JSON
Network access | READ | READ | ✓ consistent | index.js:461-522 - API calls to Gemini/Brave; index.js:537 - web_fetch via tool …
Command execution | NONE | NONE | | No subprocess/spawn calls found in index.js
Environment variables | READ | READ | ✓ consistent | index.js:29,419 - reads SEARCH_QUOTA_PATH and OPENCLAW_CONFIG_PATH
Skill invocation | NONE | NONE | | No skill_invoke capability used
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | Web fetch via harness tool protocol, not direct browser control
Database | NONE | NONE | | JSON file used for quota, not a database
Indicators: 6 findings (1 high)

Severity | Category | Description | Value | Location
High | IP address | Hardcoded IP address | 169.254.0.0 | index.js:54
Medium | External URL | External URL | https://clawhub.ai | .clawhub/origin.json:3
Medium | External URL | External URL | https://api.search.brave.com/res/v1/web/search?q=$ | index.js:512
Medium | External URL | External URL | https://www.google.com/search?q=$ | index.js:560
Medium | External URL | External URL | https://www.bing.com/search?q=$ | index.js:561
Medium | External URL | External URL | https://duckduckgo.com/html/?q=$ | index.js:562

Directory structure

12 files · 64.9 KB · 1728 lines
JavaScript: 1 file, 1006 lines · Markdown: 6 files, 581 lines · Shell: 2 files, 116 lines · JSON: 3 files, 25 lines
├─ .clawhub/
│ └─ origin.json JSON 7L · 144 B
├─ .learnings/
│ ├─ ERRORS.md Markdown 3L · 75 B
│ ├─ FEATURE_REQUESTS.md Markdown 3L · 69 B
│ └─ LEARNINGS.md Markdown 28L · 530 B
├─ references/
│ ├─ openclaw-config.md Markdown 54L · 2.1 KB
│ └─ quota-system.md Markdown 62L · 2.3 KB
├─ scripts/
│ ├─ reset-quota.sh Shell 31L · 997 B
│ └─ setup.sh Shell 85L · 3.5 KB
├─ _meta.json JSON 6L · 120 B
├─ index.js JavaScript 1006L · 39.4 KB
├─ package.json JSON 12L · 310 B
└─ SKILL.md Markdown 431L · 15.4 KB

Dependency analysis: 1

Package | Version | Source | Known vulnerabilities | Notes
proper-lockfile | ^4.1.2 | npm | No known vulnerabilities | Version not strictly pinned

Security highlights

✓ Comprehensive SSRF protection via isSafeUrl() checking all RFC-1918, loopback, link-local, and ULA ranges
✓ Prompt injection defense via INJECTION_PATTERN regex stripping common jailbreak attempts
✓ API keys held in memory only, never logged or written to disk
✓ Circuit breaker pattern prevents hammering failed APIs
✓ File locking (proper-lockfile) prevents quota file corruption from concurrent writes
✓ Input validation with regex sanitization for agent_id and query parameters
✓ 31-line SKILL.md with detailed documentation matching implementation
✓ No base64-encoded payloads, eval(), or dynamic code generation
✓ No credential harvesting patterns - only reads keys for legitimate API calls
✓ No curl|bash or wget|sh remote execution patterns
✓ Log injection protection via MAX_PROVIDER_LENGTH capping before logging