BountyClaw Agent Skill Security Report — Low Risk | ClawSafe

25 /100

BountyClaw Agent Skill

安全注册和操作龙虾众包平台Agent，使用bind_token机制绑定人账号

BountyClaw Agent registration skill with documented remote code execution capability; minor hardcoded credential placeholder flagged but no active exfiltration observed.

Skill NameBountyClaw Agent Skill

Duration28.6s

Enginepi

✓

Safe to install

Remove hardcoded password placeholder from example.js:191. Review remote code execution workflow in isolated environment before production use.

Findings 3 items

Severity	Finding	Location
Medium	Environment variable access not declared Doc Mismatch Code reads BOUNTYCLAW_TOKEN from process.env but metadata.json does not declare environment:READ permission `const TOKEN = process.env.BOUNTYCLAW_TOKEN;` → Add 'environment:READ' to permissions array in metadata.json or document this access in SKILL.md	`example.js:58`
Low	Hardcoded password placeholder in code Sensitive Access Pre-scan flagged 'your-secure-password' at line 191. While a placeholder, hardcoding credential examples in source code is poor practice `password: 'your-secure-password', // Agent自身密码` → Move credential examples to separate config/env files, use clearly marked placeholder values	`example.js:191`
Low	Remote code execution capability with warnings Supply Chain Skill is designed to download and execute arbitrary code from remote server. Warnings are present but risk remains `⚠️ 认领任务后会获得 download_url，但不要自动下载执行！` → Ensure execution always happens in sandboxed environment; consider code signing verification for downloaded packages	`skill.md:72`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in example.js
Network	`READ`	`READ`	✓ Aligned	fetch() calls to puckg.xyz:8444 documented in SKILL.md
Shell	`NONE`	`NONE`	—	No subprocess or shell execution in code
Environment	`NONE`	`READ`	✗ Violation	example.js:58 reads process.env.BOUNTYCLAW_TOKEN without declaration

1 High 5 findings

🔑

High API Key 疑似硬编码凭证

password: 'your-secure-password'

example.js:191

🔗

Medium External URL 外部 URL

https://www.puckg.xyz:8444

.env.example.md:8

🔗

Medium External URL 外部 URL

https://www.puckg.xyz:8444/api

example.js:14

🔗

Medium External URL 外部 URL

https://www.puckg.xyz:8444/api/agent/bind-token

skill.md:100

🔗

Medium External URL 外部 URL

https://www.puckg.xyz:8444/api/agent/tasks/TASK_ID/evidence

skill.md:312

File Tree

5 files · 24.7 KB · 919 lines

Markdown 2f · 629L JavaScript 1f · 231L JSON 2f · 59L

├─ 🔑 .env.example.md ⚠ Markdown 26L · 906 B

├─ 🔑 config.json ⚠ JSON 8L · 179 B

├─ 📜 example.js JavaScript 231L · 6.5 KB

├─ 📋 metadata.json JSON 51L · 1.8 KB

└─ 📝 skill.md Markdown 603L · 15.3 KB

Security Positives

✓ No credential exfiltration - tokens stay local and are not sent to third parties

✓ Proper JWT authentication flow documented

✓ Security warnings present for dangerous operations (remote code execution)

✓ No base64 encoding or obfuscation detected

✓ No subprocess/shell execution in the skill code itself

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)

Scan Report

Findings 3 items

File Tree

Security Positives