Low risk: risk score 15/100
Last scan: 19 hours ago
openclaw-agency-agents
Manages and activates 176 specialist AI agent personas from the agency-agents-zh repository
This is a legitimate agent persona management skill that clones a public GitHub repository and writes agent configuration files; no malicious behavior observed, though SKILL.md does not declare network access and setup.sh lacks version pinning.
Skill name: openclaw-agency-agents
Analysis time: 33.4s
Engine: pi
Verdict: can be installed
Add explicit network:READ and filesystem:WRITE declarations in SKILL.md. Pin the git clone to a specific commit hash or tag in setup.sh to prevent unexpected content changes from the upstream repository.

Security findings: 3

Severity: Low
Finding: SKILL.md does not declare required network access
Category: Documentation deception
Description: The skill performs git clone and git pull operations to fetch the agency-agents-zh repository, but SKILL.md makes no mention of network access or external repository dependencies.
Evidence: git clone https://github.com/jnMetaCode/agency-agents-zh
Recommendation: → Add a 'Required Permissions' or 'Resources' section to SKILL.md explicitly listing network:READ for the GitHub domain.
Location: SKILL.md:1

Severity: Low
Finding: No version pinning on upstream repository
Category: Supply chain
Description: setup.sh clones the latest main branch with no commit hash or tag pinning. An upstream commit could introduce malicious agent personas at any time.
Evidence: git clone https://github.com/jnMetaCode/agency-agents-zh.git "$REPO_DIR"
Recommendation: → Pin to a specific commit SHA or tag, e.g., 'git clone https://github.com/jnMetaCode/agency-agents-zh.git --depth 1 --branch v1.0.0 "$REPO_DIR"'
Location: scripts/setup.sh:53

Severity: Info
Finding: Script header name mismatch
Category: Documentation deception
Description: setup.sh header comments refer to 'openmaic-agents-lite' while SKILL.md describes 'openclaw-agency-agents'. Minor inconsistency.
Evidence: # setup.sh - initialize the openmaic-agents-lite skill
Recommendation: → Update the script header to match the SKILL.md name 'openclaw-agency-agents'.
Location: scripts/setup.sh:1
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✓ Consistent | setup.sh:53, activate.sh:93 writes files to $WORKSPACE_DIR
Network access | NONE | READ | ✓ Consistent | setup.sh:53 'git clone https://github.com/jnMetaCode/agency-agents-zh.git', upda…
Command execution | NONE | WRITE | ✓ Consistent | All scripts execute bash; activate.sh creates config files via heredoc and file …

Directory structure

7 files · 17.3 KB · 576 lines
Shell: 6 files · 458 lines; Markdown: 1 file · 118 lines
├─ 📁 scripts
│ ├─ 🔧 activate.sh Shell 153L · 4.5 KB
│ ├─ 🔧 list.sh Shell 77L · 2.4 KB
│ ├─ 🔧 restore.sh Shell 65L · 1.4 KB
│ ├─ 🔧 search.sh Shell 69L · 2.0 KB
│ ├─ 🔧 setup.sh Shell 59L · 2.2 KB
│ └─ 🔧 update.sh Shell 35L · 765 B
└─ 📝 SKILL.md Markdown 118L · 4.0 KB

Dependency analysis: 1

Package | Version | Source | Known vulnerabilities | Notes
agency-agents-zh | latest (unpinned) | https://github.com/jnMetaCode/agency-agents-zh.git | | Clones latest main branch with no commit/tag pinning

Security highlights

✓ No credential harvesting or environment variable enumeration observed
✓ No base64, obfuscation, or anti-analysis patterns detected
✓ No network exfiltration or C2 communication patterns
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No reverse shell, RCE, or arbitrary command injection
✓ All operations are scoped to a specific skill directory and workspace directory
✓ Backup mechanism provides config restore safety
✓ Uses set -euo pipefail for safe shell scripting