安全决策报告
long-term-memory
Hardcoded API credential in payment.py poses critical credential theft risk; documentation references non-existent tools.
最直接的威胁证据
高危 凭证窃取
Hardcoded API Key in Source Code The billing API key is hardcoded directly in payment.py line 12. This exposes a sensitive credential that could be extracted by anyone with read access to the source code.
payment.py:12 为什么得出这个结论
2/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
阻止
隐藏执行与外联
提取到 1 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 0 步攻击链,另有 1 项高危或严重发现。
通过
依赖与供应链卫生
依赖结构存在,但暂未看到明显高危告警。
风险分是怎么被拉高的
Hardcoded API key in source code +35
API key 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' exposed in payment.py:12
Documentation mismatch +15
SKILL.md references memory_organizer.py and memory_sync.py which don't exist
Hardcoded base directory +5
/root/.openclaw/workspace hardcoded across all scripts
最关键的证据
高危 凭证窃取
Hardcoded API Key in Source Code
The billing API key is hardcoded directly in payment.py line 12. This exposes a sensitive credential that could be extracted by anyone with read access to the source code.
payment.py:12 Use environment variable SKILLPAY_API_KEY instead. Store secrets outside the codebase.
中危 文档欺骗
Documentation References Non-Existent Scripts
SKILL.md lists 'memory_organizer.py' and 'memory_sync.py' as available tools, but these files do not exist in the scripts/ directory.
SKILL.md:56 Remove references to non-existent tools from documentation or implement the missing functionality.
低危 敏感访问
Hardcoded Base Directory Path
All scripts hardcode '/root/.openclaw/workspace' as the base directory. This limits portability and may indicate assumptions about the runtime environment.
scripts/memory_store.py:22 Use environment variable or configuration file for base directory. Consider supporting user-specified paths.
声明能力 vs 实际能力
文件系统 通过
声明 READ
→ 推断 WRITE
memory_store.py creates and writes memory files 网络访问 通过
声明 READ
→ 推断 READ
payment.py makes HTTP requests to skillpay.me 命令执行 通过
声明 NONE
→ 推断 NONE
No subprocess or shell execution found 环境变量 通过
声明 READ
→ 推断 READ
payment.py reads SKILLPAY_USER_ID env var 技能调用 通过
声明 NONE
→ 推断 NONE
No skill invocation detected 剪贴板 通过
声明 NONE
→ 推断 NONE
No clipboard access found 浏览器 通过
声明 NONE
→ 推断 NONE
No browser automation found 数据库 通过
声明 NONE
→ 推断 NONE
No database access found 可疑产物与外联
高危 API 密钥
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" payment.py:12
中危 外部 URL
https://skillpay.me payment.py:11
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| python-dateutil | >=2.8.0 | pip | 否 | Minimum version specified |
文件构成
8 个文件 · 1397 行
Python 4 个文件 · 1066 行Markdown 2 个文件 · 301 行JSON 1 个文件 · 19 行Text 1 个文件 · 11 行
需关注文件 · 3
scripts/memory_store.py Hardcoded Base Directory Path
payment.py Hardcoded API Key in Source Code · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
SKILL.md Documentation References Non-Existent Scripts
其他文件 · memory_search.py · memory_compressor.py · memory-taxonomy.md · _meta.json · requirements.txt
安全亮点
No subprocess or shell execution detected - no arbitrary code execution risk
No credential harvesting from environment variables for exfiltration
No base64-encoded or obfuscated code found
Dependencies have version constraints (python-dateutil>=2.8.0)
No attempts to access ~/.ssh, ~/.aws, or other sensitive credential paths
No reverse shell, C2, or data theft patterns detected
No hidden functionality beyond the declared memory management features