High risk: risk score 75/100
Last scan: 20 hours ago
aicoin-monitor
AiCoin crypto market data monitoring - cryptocurrency market data monitoring skill
SKILL.md explicitly claims 'strict isolation mode' with multiple 'never' statements (never read global config, never read env vars, never write to global paths), but the actual code violates every single one of these claims.
Skill name: aicoin-monitor
Analysis time: 42.2s
Engine: pi
Do not install this skill
Do not deploy. The skill deliberately documents security boundaries it does not respect. It reads from /root/.openclaw-zero/config.yaml, reads HTTP_PROXY/HTTPS_PROXY environment variables, and writes to /root/.openclaw-zero/workspace/memory/ — directly contradicting its own documentation.

Attack chain (4 steps)

Entry: SKILL.md advertises 'strict isolation mode' with explicit 'never' claims about global config and env vars
SKILL.md:1
Escalation: Code reads from /root/.openclaw-zero/config.yaml, violating the stated isolation
scripts/monitor.py:24
Escalation: Code reads the HTTP_PROXY/HTTPS_PROXY environment variables despite documentation saying 'never read env vars'
scripts/monitor.py:57
Impact: Data is written to /root/.openclaw-zero/workspace/memory/, violating the documentation's 'never write to global paths' claim
scripts/monitor.py:252

Security findings (5)

Severity | Finding | Location
High
SKILL.md claims strict isolation but reads global config file (Documentation deception)
The documentation explicitly states '✅ Never read /root/.openclaw-zero/config.yaml or any global configuration file', yet the code at line 24 reads exactly that path.
config_path = '/root/.openclaw-zero/config.yaml'
print(f"✅ 从 {config_path} 加载 API 配置")
→ Remove all code that reads from /root/.openclaw-zero/config.yaml or implement the isolation claimed in documentation.
scripts/monitor.py:24
High
SKILL.md claims no env var access but code reads proxy env vars (Documentation deception)
The documentation states '✅ Never read any environment variable (including AICOIN_API_KEY, HTTP_PROXY, etc.)', yet the code reads HTTP_PROXY and HTTPS_PROXY at lines 57-59.
http_proxy = os.getenv('http_proxy') or os.getenv('HTTP_PROXY')
https_proxy = os.getenv('https_proxy') or os.getenv('HTTPS_PROXY')
→ Remove environment variable reading for proxies or update documentation to declare this capability.
scripts/monitor.py:57
High
SKILL.md claims no global path write but code writes to /root/.openclaw-zero/ (Documentation deception)
The documentation states '✅ Never write to /root/.openclaw-zero/workspace/memory/ or any global path', yet the save_data() function writes data to exactly that path.
memory_dir = '/root/.openclaw-zero/workspace/memory'
os.makedirs(memory_dir, exist_ok=True)
filename = f"{memory_dir}/aicoin_{symbol}_{timestamp}.json"
→ Change save path to skill-local data/ directory as documented, or update documentation to declare global path writing.
scripts/monitor.py:252
High
Proxy configuration loaded from global config file (Sensitive access)
load_proxy_from_config() reads /root/.openclaw-zero/config.yaml to extract proxy settings including support for multiple proxy configurations with names and addresses.
config_path = '/root/.openclaw-zero/config.yaml'
if os.path.exists(config_path):
    with open(config_path, 'r', encoding='utf-8') as f:
        config = yaml.safe_load(f)
→ Remove global config reading. Proxy configuration should come only from skill-local config.yaml.
scripts/monitor.py:48
Medium
SKILL.md describes features not present in monitor.py (Documentation deception)
SKILL.md advertises 30+ data modules (on-chain, ETF, derivatives, whales, etc.) but monitor.py only implements basic price fetching, large orders, signals, and news — a significant feature mismatch.
SKILL.md advertises BTC ETF flows, CME data, macro indicators, derivatives (funding rates, liquidation maps), whale tracking, smart money tracking, macro calendar
→ Either implement the advertised features or remove them from documentation.
SKILL.md:1
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | WRITE | ✗ Violation | monitor.py:252 - writes to /root/.openclaw-zero/workspace/memory/
Environment variables | NONE | READ | ✗ Violation | monitor.py:57-59 - reads HTTP_PROXY, HTTPS_PROXY env vars
Network access | READ | READ | ✓ Consistent | Uses requests to api.aicoin.com
External URLs (8 findings)

Severity | Type | URL | Location
Medium | External URL | http://127.0.0.1:7890 | SKILL.md:138
Medium | External URL | https://www.aicoin.com | SKILL.md:399
Medium | External URL | https://docs.aicoin.com | SKILL.md:400
Medium | External URL | https://www.aicoin.com/zh-Hans/opendata | SKILL.md:401
Medium | External URL | https://api.aicoin.com/v1/market/ticker?symbol= | scripts/monitor.py:107
Medium | External URL | https://api.aicoin.com/v1/large/orders?symbol= | scripts/monitor.py:218
Medium | External URL | https://api.aicoin.com/v1/signals?symbol= | scripts/monitor.py:236
Medium | External URL | https://api.aicoin.com/v1/news/flash?symbol= | scripts/monitor.py:254

Directory structure

3 files · 28.0 KB · 945 lines
Python: 1 file, 446 lines · Markdown: 1 file, 414 lines · YAML: 1 file, 85 lines
├─ scripts/
│ └─ monitor.py (Python, 446 lines, 15.7 KB)
├─ config.yaml (YAML, 85 lines, 1.9 KB)
└─ SKILL.md (Markdown, 414 lines, 10.4 KB)

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | None known | No version pinned
pyyaml | * | pip | | No version pinned

Security highlights

✓ Uses requests library with User-Agent header for legitimate API calls
✓ Implements timeout on network requests
✓ No credential exfiltration or C2 communication observed
✓ No base64-encoded payloads or obfuscation
✓ No direct shell execution via subprocess