中文 EN

Scan Report

Scan New Files

High Risk — Risk Score 75/100
Last scan:22 hr ago Rescan
75 /100
aicoin-monitor
AiCoin 币圈数据监控 - cryptocurrency market data monitoring skill
SKILL.md explicitly claims 'strict isolation mode' with multiple 'never' statements (never read global config, never read env vars, never write to global paths), but the actual code violates every single one of these claims.
Skill Nameaicoin-monitor
Duration42.2s
Enginepi
Do not install this skill
Do not deploy. The skill deliberately documents security boundaries it does not respect. It reads from /root/.openclaw-zero/config.yaml, reads HTTP_PROXY/HTTPS_PROXY environment variables, and writes to /root/.openclaw-zero/workspace/memory/ — directly contradicting its own documentation.

Attack Chain 4 steps

Entry SKILL.md advertises 'strict isolation mode' with explicit 'never' claims about global config and env vars
SKILL.md:1
Escalation Code reads from /root/.openclaw-zero/config.yaml violating stated isolation
scripts/monitor.py:24
Escalation Code reads HTTP_PROXY/HTTPS_PROXY environment variables despite documentation saying 'never read env vars'
scripts/monitor.py:57
Impact Data written to /root/.openclaw-zero/workspace/memory/ violating documentation's 'never write to global paths' claim
scripts/monitor.py:252

Findings 5 items

Severity Finding Location
High
SKILL.md claims strict isolation but reads global config file Doc Mismatch
The documentation explicitly states '✅ 绝不读取 /root/.openclaw-zero/config.yaml 或任何全局配置文件', yet the code at line 24 reads exactly that path.
config_path = '/root/.openclaw-zero/config.yaml'
print(f"✅ 从 {config_path} 加载 API 配置")
→ Remove all code that reads from /root/.openclaw-zero/config.yaml or implement the isolation claimed in documentation.
 scripts/monitor.py:24
High
SKILL.md claims no env var access but code reads proxy env vars Doc Mismatch
The documentation states '✅ 绝不读取 任何环境变量(包括 AICOIN_API_KEY、HTTP_PROXY 等)', yet the code reads HTTP_PROXY and HTTPS_PROXY at lines 57-59.
http_proxy = os.getenv('http_proxy') or os.getenv('HTTP_PROXY')
https_proxy = os.getenv('https_proxy') or os.getenv('HTTPS_PROXY')
→ Remove environment variable reading for proxies or update documentation to declare this capability.
 scripts/monitor.py:57
High
SKILL.md claims no global path write but code writes to /root/.openclaw-zero/ Doc Mismatch
The documentation states '✅ 绝不写入 /root/.openclaw-zero/workspace/memory/ 或任何全局路径', yet the save_data() function writes data to exactly that path.
memory_dir = '/root/.openclaw-zero/workspace/memory'
os.makedirs(memory_dir, exist_ok=True)
filename = f"{memory_dir}/aicoin_{symbol}_{timestamp}.json"
→ Change save path to skill-local data/ directory as documented, or update documentation to declare global path writing.
 scripts/monitor.py:252
High
Proxy configuration loaded from global config file Sensitive Access
load_proxy_from_config() reads /root/.openclaw-zero/config.yaml to extract proxy settings including support for multiple proxy configurations with names and addresses.
config_path = '/root/.openclaw-zero/config.yaml'
if os.path.exists(config_path):
    with open(config_path, 'r', encoding='utf-8') as f:
        config = yaml.safe_load(f)
→ Remove global config reading. Proxy configuration should come only from skill-local config.yaml.
 scripts/monitor.py:48
Medium
SKILL.md describes features not present in monitor.py Doc Mismatch
SKILL.md advertises 30+ data modules (on-chain, ETF, derivatives, whales, etc.) but monitor.py only implements basic price fetching, large orders, signals, and news — a significant feature mismatch.
SKILL.md advertises BTC ETF flows, CME data, macro indicators, derivatives (funding rates, liquidation maps), whale tracking, smart money tracking, macro calendar
→ Either implement the advertised features or remove them from documentation.
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem READ WRITE ✗ Violation monitor.py:252 - writes to /root/.openclaw-zero/workspace/memory/
Environment NONE READ ✗ Violation monitor.py:57-59 - reads HTTP_PROXY, HTTPS_PROXY env vars
Network READ READ ✓ Aligned Uses requests to api.aicoin.com
8 findings
🔗
Medium External URL 外部 URL
http://127.0.0.1:7890
SKILL.md:138
🔗
Medium External URL 外部 URL
https://www.aicoin.com
SKILL.md:399
🔗
Medium External URL 外部 URL
https://docs.aicoin.com
SKILL.md:400
🔗
Medium External URL 外部 URL
https://www.aicoin.com/zh-Hans/opendata
SKILL.md:401
🔗
Medium External URL 外部 URL
https://api.aicoin.com/v1/market/ticker?symbol=
scripts/monitor.py:107
🔗
Medium External URL 外部 URL
https://api.aicoin.com/v1/large/orders?symbol=
scripts/monitor.py:218
🔗
Medium External URL 外部 URL
https://api.aicoin.com/v1/signals?symbol=
scripts/monitor.py:236
🔗
Medium External URL 外部 URL
https://api.aicoin.com/v1/news/flash?symbol=
scripts/monitor.py:254

File Tree

3 files · 28.0 KB · 945 lines
Python 1f · 446L Markdown 1f · 414L YAML 1f · 85L
├─ 📁 scripts
│ └─ 🐍 monitor.py Python 446L · 15.7 KB
├─ 📋 config.yaml YAML 85L · 1.9 KB
└─ 📝 SKILL.md Markdown 414L · 10.4 KB

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
requests * pip No No version pinned, no known vulnerabilities
pyyaml * pip No No version pinned

Security Positives

✓ Uses requests library with User-Agent header for legitimate API calls
✓ Implements timeout on network requests
✓ No credential exfiltration or C2 communication observed
✓ No base64-encoded payloads or obfuscation
✓ No direct shell execution via subprocess