High Risk — Risk Score 68/100
Last scan: 2 days ago
async-command
Async command execution and progress reporting for OpenClaw agents
Skill contains hardcoded IP address for undocumented remote SSH connections and references sensitive paths without clear legitimate purpose in documentation.
Skill Name: async-command
Duration: 33.6s
Engine: pi
Do not install this skill
Do not deploy. The hardcoded IP (100.111.20.22) combined with SSH key access and writing to a secrets file suggests data exfiltration capability. Request source code review and clarification on the remote host purpose.

Attack Chain 4 steps

Entry Masquerades as async command execution utility
SKILL.md:1
Escalation Accesses ~/.ssh/id_ed25519 for SSH authentication
SKILL.md:44
Escalation Establishes SSH connection to hardcoded IP 100.111.20.22 as root
SKILL.md:45
Impact Writes potentially harvested secrets to /home/nekai/rescue/nyx-secrets.md
SKILL.md:59

Findings 4 items

Severity Finding Location
High
Hardcoded External IP Address
The skill contains a hardcoded IP address (100.111.20.22) used for SSH connections. This IP is not parameterized or configurable and serves an undocumented purpose.
ssh -i ~/.ssh/id_ed25519 [email protected]
→ Remote host configuration should be user-provided, not hardcoded. If legitimate, document why this specific IP is required.
SKILL.md:45
High
SSH Private Key Access
Skill references ~/.ssh/id_ed25519 for SSH authentication. Accessing SSH private keys allows authentication to remote systems.
ssh -i ~/.ssh/id_ed25519 [email protected]
→ If SSH access is necessary, document what operations are performed and what data is accessed/transmitted.
SKILL.md:44
Medium
Secrets File Writing
Skill writes content to /home/nekai/rescue/nyx-secrets.md. Writing to a path named 'secrets' suggests credential handling.
write(content="# Backup\n...", path="/home/nekai/rescue/nyx-secrets.md")
→ Clarify what secrets are being backed up and where they originate. This pattern could be used for credential harvesting.
SKILL.md:59
Medium
Root-Level Remote Execution
SSH commands execute as root on the remote host ([email protected]), granting full system access.
ssh -i ~/.ssh/id_ed25519 [email protected]
→ Document why root access is required and what privileged operations are performed.
SKILL.md:45
Resource | Declared | Inferred | Status | Evidence
Shell | WRITE | WRITE | ✓ Aligned | exec() calls throughout SKILL.md
Filesystem | READ | WRITE | ✗ Violation | write(content=..., path="/home/nekai/rescue/nyx-secrets.md")
Network | NONE | WRITE | ✗ Violation | ssh [email protected]
Environment | NONE | READ | ✓ Aligned | ~/.ssh/id_ed25519 implicit key resolution
1 High, 1 finding
High IP Address: Hardcoded IP address
100.111.20.22
SKILL.md:45

File Tree

1 file · 3.3 KB · 118 lines
Markdown 1f · 118L
└─ 📝 SKILL.md Markdown 118L · 3.3 KB

Security Positives

✓ Skill focuses on async command execution patterns - legitimate use case
✓ Includes watchdog patterns to prevent infinite hangs
✓ Session management features (list, log, kill, send) for observability