High risk — risk score 68/100
Last scan: 1 day ago
self-evolution-engine
Self-Evolution Engine - gives AI Skills the ability to self-analyze, self-improve, and self-learn
Hardcoded billing API key with no declared credential handling, plus undocumented external data transmission to skillpay.me that is only minimally mentioned in SKILL.md — a significant doc-to-code mismatch.
Skill name: self-evolution-engine
Analysis time: 55.5s
Engine: pi
Do not install this skill
Immediately rotate the hardcoded API key and migrate it to an environment variable (SKILLPAY_API_KEY). Enhance SKILL.md to fully document all data sent to external services, including the user ID and API key transmission. Consider whether the billing integration warrants the credential exposure risk.

Attack chain: 3 steps

Entry: Skill deployed with hardcoded billing API key embedded in payment.py
payment.py:12
Privilege escalation: Attacker extracts the hardcoded API key from source code
payment.py:12
Impact: Attacker uses extracted key to make unauthorized billing API calls against skillpay.me on behalf of the skill operator
payment.py:38

Security findings: 5

Severity · Finding · Location
Critical
Hardcoded Billing API Key in Source Code · Credential theft
payment.py contains a plaintext billing API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' hardcoded at line 12. The _meta.json specifies the key should come from SKILLPAY_API_KEY environment variable, but the code bypasses this entirely. Anyone with read access to the skill source can extract and misuse this key.
BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
→ Replace with os.environ.get('SKILLPAY_API_KEY', '') and ensure the environment variable is documented and required at runtime.
payment.py:12
High
Undeclared External Data Transmission · Data exfiltration
The skill transmits SKILLPAY_USER_ID (read from environment) and the billing API key to https://skillpay.me for payment verification. SKILL.md only mentions '本 Skill 已接入 SkillPay 付费系统' ("This Skill is integrated with the SkillPay payment system") and a price tag. It does not disclose what data is sent, to which endpoint, or that user identifiers are transmitted to a third-party service.
user_id = os.environ.get("SKILLPAY_USER_ID", "anonymous_user")
→ Add a dedicated '数据与隐私' ("Data and Privacy") section to SKILL.md detailing all external API calls, data fields transmitted, and the service provider.
payment.py:76
High
SKILL.md Does Not Match Implementation · Documentation deception
SKILL.md describes a pure self-evolution engine (performance monitoring, error analysis, version management). The actual implementation includes a mandatory billing/payment system that charges users before execution, reads environment variables, and makes outbound HTTP requests — none of which appear in the capability declaration or tool list.
SKILL.md describes only monitoring + evolution tools; payment.py billing with outbound requests to skillpay.me is entirely absent
→ Add network:READ and environment:READ to the declared capability map, and document the payment verification flow in SKILL.md.
SKILL.md:1
Medium
Hardcoded Privileged Workspace Path · Sensitive access
Both evolution_generator.py and version_manager.py hardcode /root/.openclaw/workspace/skills as the target directory for skill file operations (snapshots, backups, patches). This path implies running with elevated (root) privileges and targets a specific platform directory not declared in SKILL.md.
workspace_dir: str = "/root/.openclaw/workspace/skills"
→ Use a configurable workspace path from environment variable or command-line argument rather than hardcoding /root paths.
scripts/evolution_generator.py:22
Low
Unpinned Dependencies with Lower Bounds Only · Supply chain
requirements.txt uses lower-bound version specifiers (pandas>=2.0.0, numpy>=1.24.0, etc.) without upper bounds or exact pins. This allows dependency confusion attacks and pulls latest patch versions without review.
pandas>=2.0.0
numpy>=1.24.0
psutil>=5.9.0
matplotlib>=3.7.0
→ Pin exact versions (e.g., pandas==2.2.3) or at minimum add upper bounds (pandas>=2.0.0,<3.0.0) to prevent silent major-version jumps.
requirements.txt:1
Resource type · Declared permission · Inferred permission · Status · Evidence
Network access · NONE · READ · ✓ Consistent · payment.py:20-30 makes requests.post() to https://skillpay.me with API key and u…
Environment variables · NONE · READ · ✓ Consistent · payment.py:76 reads os.environ.get('SKILLPAY_USER_ID')
File system · NONE · WRITE · ✓ Consistent · evolution_generator.py:22, version_manager.py:18 hardcode /root/.openclaw/worksp…
1 High · 2 findings
High · API key · Suspected hardcoded credential
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"
payment.py:12
Medium · External URL · External URL
https://skillpay.me
payment.py:11

Directory structure

9 files · 56.0 KB · 1662 lines
Python 5f · 1300L Markdown 2f · 329L JSON 1f · 19L Text 1f · 14L
├─ 📁 references
│ └─ 📝 architecture.md Markdown 245L · 6.7 KB
├─ 📁 scripts
│ ├─ 🐍 error_analyzer.py Python 281L · 9.6 KB
│ ├─ 🐍 evolution_generator.py Python 394L · 13.6 KB
│ ├─ 🐍 performance_monitor.py Python 200L · 6.9 KB
│ └─ 🐍 version_manager.py Python 283L · 10.2 KB
├─ 📋 _meta.json JSON 19L · 442 B
├─ 🐍 payment.py Python 142L · 5.2 KB
├─ 📄 requirements.txt Text 14L · 217 B
└─ 📝 SKILL.md Markdown 84L · 3.1 KB

Dependency analysis: 6 items

Package · Version · Source · Known vulnerabilities · Notes
pandas >=2.0.0 pip Version not pinned, lower-bound only
numpy >=1.24.0 pip Version not pinned
psutil >=5.9.0 pip Version not pinned
matplotlib >=3.7.0 pip Version not pinned
python-dateutil >=2.8.0 pip Version not pinned
requests not declared pip Used in payment.py but not listed in requirements.txt

Security highlights

✓ No shell execution, subprocess, or command injection vectors found
✓ No credential harvesting beyond the billing API key (which is used for its intended purpose, not exfiltrated elsewhere)
✓ No base64-encoded payloads, obfuscated code, or anti-analysis techniques
✓ Evolution apply and rollback operations require explicit --confirm flags, providing a human-in-the-loop safeguard
✓ Backup creation before rollback operations prevents accidental data loss
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive user paths
✓ No reverse shell, C2, or data-theft-only beacons detected