中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 15/100
上次扫描:1 天前 重新扫描
15 /100
omniclaw-cli
OmniClaw CLI skill for x402 URL payments, USDC transfers, wallet inspection, and paid endpoint serving via the omniclaw-cli zero-trust execution layer
A legitimate OmniClaw CLI skill for USDC payments and x402 service gating, with minor documentation gaps around subprocess usage and file-writing behavior in its generator script.
技能名称omniclaw-cli
分析耗时36.7s
引擎pi
可以安装
Add a brief note in SKILL.md that the skill invokes the omniclaw-cli via subprocess. The generator script writes outside the skill tree to a root docs path — document this behavior or restrict the generator to skill-local paths only.

安全发现 3 项

严重性 安全发现 位置
低危
Subprocess invocation not declared in SKILL.md 文档欺骗
SKILL.md documents omniclaw-cli usage but never explicitly states the agent will invoke the CLI via subprocess. The actual implementation runs subprocess.run() on omniclaw-cli commands, which is within scope but undocumented.
subprocess.run(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, timeout=25, check=False)
→ Add a brief 'Implementation' section to SKILL.md stating that the skill invokes omniclaw-cli via subprocess.
 scripts/generate_cli_reference.py:42
低危
Generator script writes outside skill tree 文档欺骗
generate_cli_reference.py writes the generated CLI reference to two paths: one inside the skill (SKILL_REF) and one at the repository root (HUMAN_REF = ROOT/docs/cli-reference.md). The root write is undeclared in SKILL.md.
HUMAN_REF = ROOT / "docs" / "cli-reference.md"
→ Either document this cross-tree write behavior in SKILL.md or restrict HUMAN_REF to a path within the skill directory.
 scripts/generate_cli_reference.py:19
低危
Generator script not referenced in SKILL.md 文档欺骗
The scripts/ directory contains two files (generate_cli_reference.py, generate_cli_reference.sh) that are not mentioned in SKILL.md. While these are helper scripts for documentation generation rather than runtime components, their existence is opaque.
#!/usr/bin/env python3
→ Either document the generator scripts in SKILL.md or exclude them from the skill package.
 scripts/generate_cli_reference.py:1
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 SKILL.md lines 1-140 declare omniclaw-cli invocations; subprocess calls in gener…
文件系统 NONE WRITE ✓ 一致 generate_cli_reference.py lines 18-19 write to SKILL_REF and HUMAN_REF; HUMAN_RE…
1 项发现
🔗
中危 外部 URL 外部 URL
http://seller-host:8000/api/data
references/cli-reference.md:26

目录结构

4 文件 · 44.9 KB · 779 行
Markdown 2f · 625L Python 1f · 148L Shell 1f · 6L
├─ 📁 references
│ └─ 📝 cli-reference.md Markdown 485L · 35.4 KB
├─ 📁 scripts
│ ├─ 🐍 generate_cli_reference.py Python 148L · 5.1 KB
│ └─ 🔧 generate_cli_reference.sh Shell 6L · 193 B
└─ 📝 SKILL.md Markdown 140L · 4.2 KB

安全亮点

✓ No credential harvesting or environment variable iteration observed
✓ No base64 encoding, obfuscation, or anti-analysis techniques present
✓ No network requests to external IPs beyond OMNICLAW_SERVER_URL (which is expected and declared)
✓ No sensitive file access (~/.ssh, ~/.aws, .env files)
✓ No curl|bash or remote script execution
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ omniclaw-cli serve --exec executes only within the legitimate seller workflow documented in SKILL.md
✓ Token handling is explicitly scoped and declared; SKILL.md explicitly says 'never print, log, or transmit it'