中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:1 day ago Rescan
15 /100
omniclaw-cli
OmniClaw CLI skill for x402 URL payments, USDC transfers, wallet inspection, and paid endpoint serving via the omniclaw-cli zero-trust execution layer
A legitimate OmniClaw CLI skill for USDC payments and x402 service gating, with minor documentation gaps around subprocess usage and file-writing behavior in its generator script.
Skill Nameomniclaw-cli
Duration36.7s
Enginepi
Safe to install
Add a brief note in SKILL.md that the skill invokes the omniclaw-cli via subprocess. The generator script writes outside the skill tree to a root docs path — document this behavior or restrict the generator to skill-local paths only.

Findings 3 items

Severity Finding Location
Low
Subprocess invocation not declared in SKILL.md Doc Mismatch
SKILL.md documents omniclaw-cli usage but never explicitly states the agent will invoke the CLI via subprocess. The actual implementation runs subprocess.run() on omniclaw-cli commands, which is within scope but undocumented.
subprocess.run(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, timeout=25, check=False)
→ Add a brief 'Implementation' section to SKILL.md stating that the skill invokes omniclaw-cli via subprocess.
 scripts/generate_cli_reference.py:42
Low
Generator script writes outside skill tree Doc Mismatch
generate_cli_reference.py writes the generated CLI reference to two paths: one inside the skill (SKILL_REF) and one at the repository root (HUMAN_REF = ROOT/docs/cli-reference.md). The root write is undeclared in SKILL.md.
HUMAN_REF = ROOT / "docs" / "cli-reference.md"
→ Either document this cross-tree write behavior in SKILL.md or restrict HUMAN_REF to a path within the skill directory.
 scripts/generate_cli_reference.py:19
Low
Generator script not referenced in SKILL.md Doc Mismatch
The scripts/ directory contains two files (generate_cli_reference.py, generate_cli_reference.sh) that are not mentioned in SKILL.md. While these are helper scripts for documentation generation rather than runtime components, their existence is opaque.
#!/usr/bin/env python3
→ Either document the generator scripts in SKILL.md or exclude them from the skill package.
 scripts/generate_cli_reference.py:1
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned SKILL.md lines 1-140 declare omniclaw-cli invocations; subprocess calls in gener…
Filesystem NONE WRITE ✓ Aligned generate_cli_reference.py lines 18-19 write to SKILL_REF and HUMAN_REF; HUMAN_RE…
1 findings
🔗
Medium External URL 外部 URL
http://seller-host:8000/api/data
references/cli-reference.md:26

File Tree

4 files · 44.9 KB · 779 lines
Markdown 2f · 625L Python 1f · 148L Shell 1f · 6L
├─ 📁 references
│ └─ 📝 cli-reference.md Markdown 485L · 35.4 KB
├─ 📁 scripts
│ ├─ 🐍 generate_cli_reference.py Python 148L · 5.1 KB
│ └─ 🔧 generate_cli_reference.sh Shell 6L · 193 B
└─ 📝 SKILL.md Markdown 140L · 4.2 KB

Security Positives

✓ No credential harvesting or environment variable iteration observed
✓ No base64 encoding, obfuscation, or anti-analysis techniques present
✓ No network requests to external IPs beyond OMNICLAW_SERVER_URL (which is expected and declared)
✓ No sensitive file access (~/.ssh, ~/.aws, .env files)
✓ No curl|bash or remote script execution
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ omniclaw-cli serve --exec executes only within the legitimate seller workflow documented in SKILL.md
✓ Token handling is explicitly scoped and declared; SKILL.md explicitly says 'never print, log, or transmit it'