Scan Report
45/100
remnawave-robot
Remnawave full account lifecycle automation management - VPN account lifecycle automation
Skill manages VPN account lifecycle with legitimate functionality but exhibits concerning patterns: hardcoded IP endpoint, SSL verification disabled, and suspicious external subscription URLs embedded in documentation.
Use with caution
Review hardcoded IP 8.212.8.43 and verify legitimacy of datat.cc subscription URLs. Consider using domain names instead of raw IPs and enabling SSL verification.
Findings 4 items
| Severity | Finding | Category | Location |
|---|---|---|---|
| Medium | Hardcoded IP address as default API endpoint | Sensitive Access | setup.js:148 |
| Medium | SSL certificate verification disabled by default | Sensitive Access | setup.js:158 |
| Medium | Suspicious subscription URLs in documentation | Doc Mismatch | SMTP-FIX.md:176 |
| Low | Configuration stored in parent directory .env | Priv Escalation | create-account.js:39 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Reads .env and config JSON files for credential access |
| Network | READ | READ | ✓ Aligned | HTTPS requests to Remnawave API and SMTP servers |
| Shell | NONE | NONE | — | No shell execution in main JS scripts |
20 findings, 1 High

| Severity | Type | Value | Location |
|---|---|---|---|
| High | Hardcoded IP address | 8.212.8.43 | PUBLISH-SUMMARY.md:138 |
| Medium | External URL | https://8.212.8.43 | PUBLISH-SUMMARY.md:138 |
| Medium | External URL | https://mail.zoho.com | SMTP-FIX.md:50 |
| Medium | External URL | https://46force235a-6cb1-crypto-link.datat.cc/api/sub/wBMXavTEzFbxxY57 | SMTP-FIX.md:176 |
| Medium | External URL | https://46force235a-6cb1-crypto-link.datat.cc/api/sub/_6z3BUw1Ca5dqH0d | SMTP-FIX.md:184 |
| Medium | External URL | https://rjdx19yd9zo.sg.larksuite.com/docx/EwMLdN3asoQ44FxOlN6lQ6frgdh?from=from_copylink | create-account.js:186 |
| Medium | External URL | https://v2raytun.com/ | create-account.js:187 |
| Medium | External URL | https://testappdownload-bydtmscom.oss-cn-hongkong.aliyuncs.com/OPSFILE/v2RayTun_Setup.zip | create-account.js:188 |
| Medium | External URL | https://apps.apple.com/us/app/v2raytun/id6476628951 | create-account.js:189 |
| Medium | External URL | https://sub.example.com/xxx | templates/account-created.md:15 |
| Medium | External URL | https://apps.apple.com/... | templates/account-created.md:19 |
| Info | Email address | [email protected] | PUBLISH-SUMMARY.md:106 |
| Info | Email address | [email protected] | PUBLISH-SUMMARY.md:108 |
| Info | Email address | [email protected] | README.md:71 |
| Info | Email address | [email protected] | SMTP-FIX.md:87 |
| Info | Email address | [email protected] | SMTP-FIX.md:175 |
| Info | Email address | [email protected] | SMTP-FIX.md:205 |
| Info | Email address | [email protected] | SMTP-FIX.md:215 |
| Info | Email address | [email protected] | SMTP-FIX.md:234 |
| Info | Email address | [email protected] | templates/account-created.md:13 |

File Tree
23 files · 86.4 KB · 3279 lines
JavaScript: 12 files · 1688 lines
Markdown: 8 files · 1439 lines
Shell: 1 file · 97 lines
JSON: 2 files · 55 lines

├─ templates
│  └─ account-created.md (Markdown)
├─ add-to-squad.js (JavaScript)
├─ create-account.js (JavaScript)
├─ delete-account.js (JavaScript)
├─ fix-zoho-smtp.sh (Shell)
├─ get-squads.js (JavaScript)
├─ manual-email-west-pc.md (Markdown)
├─ package-lock.json (JSON)
├─ package.json (JSON)
├─ PUBLISH-SUMMARY.md (Markdown)
├─ README.md (Markdown)
├─ resend-email.js (JavaScript)
├─ search-account.js (JavaScript)
├─ send-account-email.js (JavaScript)
├─ setup.js (JavaScript)
├─ SKILL.md (Markdown)
├─ SMTP-FIX.md (Markdown)
├─ sync-squads.js (JavaScript)
├─ test-config.js (JavaScript)
├─ test-email.js (JavaScript)
├─ test-smtp-direct.js (JavaScript)
├─ 技能检查报告 -2026-03-18.md (Markdown)
└─ 技能检查报告-2026-03-18.md (Markdown)

Dependencies 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| nodemailer | ^8.0.2 | npm | No | Version not pinned (caret range) |

Security Positives
✓ Credentials stored with 0600 permissions (chmod 0o600)
✓ No base64-encoded payloads or obfuscated code
✓ No reverse shell or C2 infrastructure detected
✓ Uses standard HTTPS for API and SMTP connections
✓ No credential exfiltration attempts detected
✓ No unauthorized SSH/AWS credential access
✓ Shell script (fix-zoho-smtp.sh) is a diagnostic tool, not a persistence mechanism