中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 18/100
Last scan:1 day ago Rescan
18 /100
rtk-rewrite
OpenClaw plugin that intercepts exec tool calls and rewrites commands via `rtk rewrite` for token optimization
Plugin delegates shell command rewriting to an external `rtk` binary with no credential access or data exfiltration; includes a documented but risky curl|sh installation pattern in README.
Skill Namertk-rewrite
Duration25.4s
Enginepi
Safe to install
Approve with caution: Review the `rtk` binary trustworthiness before deployment. Consider pinning the install script to a specific commit hash to mitigate supply chain risk.

Findings 3 items

Severity Finding Location
Medium
Curl-pipe-sh installation instruction Supply Chain
README.md:20 instructs users to pipe curl output directly into sh, a dangerous pattern that executes arbitrary remote code without verification.
curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh
→ Use version-pinned installation methods or verify script integrity before execution.
 README.md:20
Low
Undeclared shell execution via execFileSync Doc Mismatch
index.ts uses execFileSync to invoke the `rtk` binary but SKILL.md does not declare shell execution as a capability.
const output = execFileSync('rtk', ['rewrite', cmd], {...})
→ Document that the skill invokes external binary via execFileSync for transparency.
 index.ts:17
Low
Homepage mismatch between files Doc Mismatch
SKILL.md declares repository as github.com/rtk-ai/rtk but openclaw.plugin.json declares homepage as github.com/aimagist/openrtklaw.
"homepage": "https://github.com/aimagist/openrtklaw"
→ Align repository and homepage URLs across documentation files.
 openclaw.plugin.json, SKILL.md:3
ResourceDeclaredInferredStatusEvidence
Shell NONE WRITE ✗ Violation index.ts:17 execFileSync('rtk', ['rewrite', cmd])
Filesystem NONE WRITE ✗ Violation index.ts:18-19 appendFileSync, mkdirSync for audit logs
1 Critical 1 findings
💀
Critical Dangerous Command 危险 Shell 命令
curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh
README.md:20

File Tree

4 files · 9.3 KB · 339 lines
Markdown 2f · 189L TypeScript 1f · 111L JSON 1f · 39L
├─ 📜 index.ts TypeScript 111L · 3.1 KB
├─ 📋 openclaw.plugin.json JSON 39L · 1.2 KB
├─ 📝 README.md Markdown 135L · 3.6 KB
└─ 📝 SKILL.md Markdown 54L · 1.4 KB

Security Positives

✓ No credential harvesting or environment variable iteration observed
✓ Audit logs only contain command rewrites, no sensitive data exfiltration
✓ execFileSync uses explicit arguments array (not shell injection-prone string)
✓ Error handling prevents information leakage on ENOENT or status 1
✓ MIT license with publicly available source code