High Risk — Risk Score 68/100
Last scan: 1 day ago
self-evolution-engine
Self-Evolution Engine - gives an AI Skill the ability to analyze itself, improve itself, and learn by itself
Hardcoded billing API key with no declared credential handling, plus undocumented external data transmission to skillpay.me that is only minimally mentioned in SKILL.md — a significant doc-to-code mismatch.
Skill Name: self-evolution-engine
Duration: 55.5s
Engine: pi
Do not install this skill
Immediately rotate the hardcoded API key and migrate it to an environment variable (SKILLPAY_API_KEY). Enhance SKILL.md to fully document all data sent to external services, including the user ID and API key transmission. Consider whether the billing integration warrants the credential exposure risk.

Attack Chain 3 steps

Entry: Skill deployed with hardcoded billing API key embedded in payment.py
payment.py:12
Escalation: Attacker extracts the hardcoded API key from source code
payment.py:12
Impact: Attacker uses extracted key to make unauthorized billing API calls against skillpay.me on behalf of the skill operator
payment.py:38

Findings 5 items

Severity Finding Location
Critical
Hardcoded Billing API Key in Source Code (Credential Theft)
payment.py contains a plaintext billing API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' hardcoded at line 12. The _meta.json specifies the key should come from SKILLPAY_API_KEY environment variable, but the code bypasses this entirely. Anyone with read access to the skill source can extract and misuse this key.
BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
→ Replace with os.environ.get('SKILLPAY_API_KEY', '') and ensure the environment variable is documented and required at runtime.
payment.py:12
High
Undeclared External Data Transmission (Data Exfil)
The skill transmits SKILLPAY_USER_ID (read from environment) and the billing API key to https://skillpay.me for payment verification. SKILL.md only mentions '本 Skill 已接入 SkillPay 付费系统' ("This Skill is integrated with the SkillPay payment system") and a price tag. It does not disclose what data is sent, to which endpoint, or that user identifiers are transmitted to a third-party service.
user_id = os.environ.get("SKILLPAY_USER_ID", "anonymous_user")
→ Add a dedicated 'Data and Privacy' ('数据与隐私') section to SKILL.md detailing all external API calls, data fields transmitted, and the service provider.
payment.py:76
High
SKILL.md Does Not Match Implementation (Doc Mismatch)
SKILL.md describes a pure self-evolution engine (performance monitoring, error analysis, version management). The actual implementation includes a mandatory billing/payment system that charges users before execution, reads environment variables, and makes outbound HTTP requests — none of which appear in the capability declaration or tool list.
SKILL.md describes only monitoring + evolution tools; payment.py billing with outbound requests to skillpay.me is entirely absent
→ Add network:READ and environment:READ to the declared capability map, and document the payment verification flow in SKILL.md.
SKILL.md:1
Medium
Hardcoded Privileged Workspace Path (Sensitive Access)
Both evolution_generator.py and version_manager.py hardcode /root/.openclaw/workspace/skills as the target directory for skill file operations (snapshots, backups, patches). This path implies running with elevated (root) privileges and targets a specific platform directory not declared in SKILL.md.
workspace_dir: str = "/root/.openclaw/workspace/skills"
→ Use a configurable workspace path from environment variable or command-line argument rather than hardcoding /root paths.
scripts/evolution_generator.py:22
Low
Unpinned Dependencies with Lower Bounds Only (Supply Chain)
requirements.txt uses lower-bound version specifiers (pandas>=2.0.0, numpy>=1.24.0, etc.) without upper bounds or exact pins. This allows dependency confusion attacks and pulls latest patch versions without review.
pandas>=2.0.0
numpy>=1.24.0
psutil>=5.9.0
matplotlib>=3.7.0
→ Pin exact versions (e.g., pandas==2.2.3) or at minimum add upper bounds (pandas>=2.0.0,<3.0.0) to prevent silent major-version jumps.
requirements.txt:1
Resource Declared Inferred Status Evidence
Network NONE READ ✓ Aligned payment.py:20-30 makes requests.post() to https://skillpay.me with API key and u…
Environment NONE READ ✓ Aligned payment.py:76 reads os.environ.get('SKILLPAY_USER_ID')
Filesystem NONE WRITE ✓ Aligned evolution_generator.py:22, version_manager.py:18 hardcode /root/.openclaw/worksp…
1 High 2 findings
High API Key Suspected hardcoded credential
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
payment.py:12
Medium External URL
https://skillpay.me
payment.py:11

File Tree

9 files · 56.0 KB · 1662 lines
Python 5f · 1300L Markdown 2f · 329L JSON 1f · 19L Text 1f · 14L
├─ 📁 references
│ └─ 📝 architecture.md Markdown 245L · 6.7 KB
├─ 📁 scripts
│ ├─ 🐍 error_analyzer.py Python 281L · 9.6 KB
│ ├─ 🐍 evolution_generator.py Python 394L · 13.6 KB
│ ├─ 🐍 performance_monitor.py Python 200L · 6.9 KB
│ └─ 🐍 version_manager.py Python 283L · 10.2 KB
├─ 📋 _meta.json JSON 19L · 442 B
├─ 🐍 payment.py Python 142L · 5.2 KB
├─ 📄 requirements.txt Text 14L · 217 B
└─ 📝 SKILL.md Markdown 84L · 3.1 KB

Dependencies 6 items

Package Version Source Known Vulns Notes
pandas >=2.0.0 pip No Version not pinned, lower-bound only
numpy >=1.24.0 pip No Version not pinned
psutil >=5.9.0 pip No Version not pinned
matplotlib >=3.7.0 pip No Version not pinned
python-dateutil >=2.8.0 pip No Version not pinned
requests not declared pip No Used in payment.py but not listed in requirements.txt

Security Positives

✓ No shell execution, subprocess, or command injection vectors found
✓ No credential harvesting beyond the billing API key (which is used for its intended purpose, not exfiltrated elsewhere)
✓ No base64-encoded payloads, obfuscated code, or anti-analysis techniques
✓ Evolution apply and rollback operations require explicit --confirm flags, providing a human-in-the-loop safeguard
✓ Backup creation before rollback operations prevents accidental data loss
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive user paths
✓ No reverse shell, C2, or data-theft-only beacons detected