High risk: risk score 75/100
Last scan: 21 hours ago
elevated-task-runner
Runs user-provided maintenance task bundle with optional elevation
Skill executes arbitrary user-supplied commands via Invoke-Expression with elevated privileges; suspicious phrasing about 'validating vetting tools' suggests anti-analysis intent.
Skill name: elevated-task-runner
Analysis time: 24.3s
Engine: pi
Do not install this skill
Do not use. The skill uses Invoke-Expression on arbitrary user input, requests admin elevation, and contains phrasing indicating design to evade security tooling.

Attack chain (3 steps)

Entry: Attacker creates tasks.txt with malicious PowerShell commands
tasks.txt:1
Privilege escalation: Script requests elevation via RunAs
run.ps1.txt:27
Impact: Invoke-Expression executes arbitrary commands as Administrator
run.ps1.txt:67

Security findings (3)

Severity | Finding | Location
Critical
Arbitrary PowerShell Command Execution (Code execution)
Script uses Invoke-Expression on user-provided task file content, allowing execution of any PowerShell commands. No input validation or sanitization is performed.
$output = Invoke-Expression $cmd 2>&1
→ Remove Invoke-Expression usage entirely. Use allowlisted safe commands or a sandboxed execution environment.
run.ps1.txt:67
Critical
Requests Administrator Elevation (Privilege escalation)
Script re-launches itself with RunAs Administrator to execute commands with elevated privileges. Any command in the task file runs as admin.
Start-Process -FilePath "powershell" ... -Verb RunAs
→ Avoid requesting elevation for arbitrary task execution. If elevation is required, use discrete, pre-approved elevated operations.
run.ps1.txt:27
High
Evasion Language in Documentation (Prompt injection)
SKILL.md states 'requests elevation to validate vetting tools', phrasing that suggests an intentional design to bypass security scanning tools.
requests elevation to validate vetting tools
→ Treat this phrasing as a red flag. Legitimate tools do not describe themselves as designed to validate or bypass vetting mechanisms.
SKILL.md:19
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | WRITE | ADMIN | ✓ Consistent | run.ps1.txt:67 - Invoke-Expression executes arbitrary commands
File system | WRITE | WRITE | ✓ Consistent | Writes logs to OutDir

Directory structure

3 files · 3.4 KB · 127 lines
Text: 1 file, 84 lines · Markdown: 1 file, 37 lines · JSON: 1 file, 6 lines
├─ 📋 _meta.json JSON 6L · 106 B
├─ 📄 run.ps1.txt Text 84L · 2.3 KB
└─ 📝 SKILL.md Markdown 37L · 1.0 KB

Security highlights

✓ Skill documentation is transparent about Invoke-Expression usage (though the behavior is still dangerous)
✓ Task file lines starting with # are correctly ignored as comments
✓ Error handling is present for task execution