安全决策报告
gateway-monitor-installer
Skill contains undeclared external network access and reads API credentials from auth profiles to transmit to minimaxi.com, with missing template files referenced in documentation.
最直接的威胁证据
为什么得出这个结论
1/4 个维度触发 阻止
声明与实际能力
发现 2 项声明之外的能力或越权行为。
复核
隐藏执行与外联
提取到 3 个一般风险产物,需要结合上下文判断。
通过
攻击链与高危发现
没有形成明确的恶意路径。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
风险分是怎么被拉高的
Undeclared external network access +15
SKILL.md does not mention HTTPS calls to minimaxi.com for coding plan status
Undeclared credential file access +15
gateway-monitor-server.js reads ~/.openclaw/agents/main/agent/auth-profiles.json without documentation
Missing template files +10
SKILL.md references assets/launchagents/*.plist.tpl which do not exist in the package
API key transmission to external service +10
MiniMax API key is sent to minimaxi.com via Authorization header
最关键的证据
中危 文档欺骗
Undeclared external network access
The gateway-monitor-server.js makes HTTPS requests to https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains without any mention in SKILL.md. This is a hidden network behavior.
assets/bin/gateway-monitor-server.js:28 Document all external API endpoints in SKILL.md capabilities section
中危 敏感访问
Undeclared credential file access
The skill reads the MiniMax API key from ~/.openclaw/agents/main/agent/auth-profiles.json, a sensitive credential storage location, without declaring this access in documentation.
assets/bin/gateway-monitor-server.js:309 Declare access to credential files in SKILL.md or use only environment variables
中危 文档欺骗
Missing launchagent template files
SKILL.md and install.sh reference template files at assets/launchagents/*.plist.tpl that do not exist in the package. These files are needed for the installation to succeed.
SKILL.md:24 Include the missing launchagent plist template files in the package
低危 数据外泄
API key transmitted to external service
The MiniMax API key is sent in the Authorization header to an external service (minimaxi.com). While the service appears legitimate, the transmission of credentials to external endpoints is a sensitive behavior.
assets/bin/gateway-monitor-server.js:344 Document this behavior explicitly and consider if the API call is necessary for the core functionality
声明能力 vs 实际能力
文件系统 通过
声明 WRITE
→ 推断 READ
SKILL.md declares file write to ~/.openclaw/tools/ 网络访问 阻止
声明 NONE
→ 推断 READ
gateway-monitor-server.js:28 - external HTTPS call to minimaxi.com not declared 命令执行 通过
声明 WRITE
→ 推断 WRITE
launchctl commands in install.sh/status.sh are documented 环境变量 阻止
声明 NONE
→ 推断 READ
gateway-monitor-server.js:309 - reads MINIMAX_CP_KEY from environment 可疑产物与外联
中危 外部 URL
http://127.0.0.1:18990 SKILL.md:40
中危 外部 URL
https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains assets/bin/gateway-monitor-server.js:28
中危 外部 URL
http://127.0.0.1:18990/api/summary scripts/status.sh:25
依赖与供应链
没有结构化依赖告警。
文件构成
6 个文件 · 1527 行
JavaScript 1 个文件 · 1321 行Shell 4 个文件 · 159 行Markdown 1 个文件 · 47 行
需关注文件 · 3
assets/bin/gateway-monitor-server.js Undeclared external network access · Undeclared credential file access · API key transmitted to external service · https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains
SKILL.md Missing launchagent template files · http://127.0.0.1:18990
scripts/status.sh http://127.0.0.1:18990/api/summary
其他文件 · install.sh · gateway-watchdog.sh · uninstall.sh
安全亮点
No reverse shell or C2 infrastructure detected
No base64-encoded or obfuscated payloads found
Uses standard macOS LaunchAgent for service management (legitimate)
HTTPS used for external communication (not plaintext)
No credential exfiltration to attacker-controlled infrastructure
Configuration backup mechanism is sensible
Error handling appears robust