BountyClaw Agent Skill 安全扫描报告 — 低风险 | ClawSafe

25 /100

BountyClaw Agent Skill

安全注册和操作龙虾众包平台Agent，使用bind_token机制绑定人账号

BountyClaw Agent registration skill with documented remote code execution capability; minor hardcoded credential placeholder flagged but no active exfiltration observed.

技能名称BountyClaw Agent Skill

分析耗时28.6s

引擎pi

✓

可以安装

Remove hardcoded password placeholder from example.js:191. Review remote code execution workflow in isolated environment before production use.

安全发现 3 项

严重性	安全发现	位置
中危	Environment variable access not declared 文档欺骗 Code reads BOUNTYCLAW_TOKEN from process.env but metadata.json does not declare environment:READ permission `const TOKEN = process.env.BOUNTYCLAW_TOKEN;` → Add 'environment:READ' to permissions array in metadata.json or document this access in SKILL.md	`example.js:58`
低危	Hardcoded password placeholder in code 敏感访问 Pre-scan flagged 'your-secure-password' at line 191. While a placeholder, hardcoding credential examples in source code is poor practice `password: 'your-secure-password', // Agent自身密码` → Move credential examples to separate config/env files, use clearly marked placeholder values	`example.js:191`
低危	Remote code execution capability with warnings 供应链 Skill is designed to download and execute arbitrary code from remote server. Warnings are present but risk remains `⚠️ 认领任务后会获得 download_url，但不要自动下载执行！` → Ensure execution always happens in sandboxed environment; consider code signing verification for downloaded packages	`skill.md:72`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations in example.js
网络访问	`READ`	`READ`	✓ 一致	fetch() calls to puckg.xyz:8444 documented in SKILL.md
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution in code
环境变量	`NONE`	`READ`	✗ 越权	example.js:58 reads process.env.BOUNTYCLAW_TOKEN without declaration

1 高危 5 项发现

🔑

高危 API 密钥疑似硬编码凭证

password: 'your-secure-password'

example.js:191

🔗

中危外部 URL 外部 URL

https://www.puckg.xyz:8444

.env.example.md:8

🔗

中危外部 URL 外部 URL

https://www.puckg.xyz:8444/api

example.js:14

🔗

中危外部 URL 外部 URL

https://www.puckg.xyz:8444/api/agent/bind-token

skill.md:100

🔗

中危外部 URL 外部 URL

https://www.puckg.xyz:8444/api/agent/tasks/TASK_ID/evidence

skill.md:312

目录结构

5 文件 · 24.7 KB · 919 行

Markdown 2f · 629L JavaScript 1f · 231L JSON 2f · 59L

├─ 🔑 .env.example.md ⚠ Markdown 26L · 906 B

├─ 🔑 config.json ⚠ JSON 8L · 179 B

├─ 📜 example.js JavaScript 231L · 6.5 KB

├─ 📋 metadata.json JSON 51L · 1.8 KB

└─ 📝 skill.md Markdown 603L · 15.3 KB

安全亮点

✓ No credential exfiltration - tokens stay local and are not sent to third parties

✓ Proper JWT authentication flow documented

✓ Security warnings present for dangerous operations (remote code execution)

✓ No base64 encoding or obfuscation detected

✓ No subprocess/shell execution in the skill code itself

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)