mia-trust 安全扫描报告 — 低风险 | ClawSafe

15 /100

mia-trust

MIA-Trust Pipeline - Memory-Intelligent Assistant Trust Guard + Memory Evolution

MIA-Trust is a legitimate security guard pipeline that performs prompt injection detection, plan evaluation, and memory management. The skill has minor documentation gaps (undeclared execSync usage) but no malicious behavior detected.

技能名称mia-trust

分析耗时40.7s

引擎pi

✓

可以安装

Add explicit documentation of execSync child process spawning and API key environment variable usage in SKILL.md. No blocking actions needed.

安全发现 3 项

严重性	安全发现	位置
低危	Undeclared child process execution run.mjs uses execSync to spawn child Node processes for trust and planner modules, but this is not declared in SKILL.md execSync(`node ${join(__dirname, 'trust/mia-trust.mjs')} guard_blocked...` → Document execSync usage in SKILL.md capabilities section or refactor to use native module imports	`run.mjs:42`
提示	API key environment variable access Multiple environment variables for API keys (MIA_PLANNER_API_KEY, MIA_TRUST_API_KEY) are read but not declared `MIA_PLANNER_API_KEY: process.env.MIA_PLANNER_API_KEY \|\| ''` → Add environment variable access to capability documentation	`run.mjs, trust/mia-trust.mjs:28`
提示	Query injection in execSync (mitigated) User input is passed to execSync with basic quote escaping, which is a potential injection vector `QUESTION.replace(/"/g, '\"')` → Current escaping is minimal but functional for basic protection. Consider more robust input validation.	`run.mjs:45`

资源类型	声明权限	推断权限	状态	证据
命令执行	`NONE`	`WRITE`	✗ 越权	run.mjs:42 - execSync spawns child node processes
网络访问	`NONE`	`READ`	✓ 一致	planner/mia-planner.mjs:65, trust/mia-trust.mjs - API calls to external endpoint…
文件系统	`NONE`	`WRITE`	✓ 一致	memory/mia-memory.mjs:appendFileSync, trust/mia-trust.mjs - writes to memory.jso…
环境变量	`NONE`	`READ`	✗ 越权	run.mjs:28-36, trust/mia-trust.mjs:10-14 - reads API keys from process.env

3 项发现

🔗

中危外部 URL 外部 URL

https://your-api-endpoint/v1/chat/completions

PIPELINE.md:134

🔗

中危外部 URL 外部 URL

https://paypal.me/jimmywarting

package-lock.json:35

🔗

中危外部 URL 外部 URL

https://opencollective.com/node-fetch

package-lock.json:94

目录结构

11 文件 · 211.5 KB · 3056 行

JavaScript 6f · 2064L JSON 3f · 716L Markdown 2f · 276L

├─ ▾ 📁 feedback

│ └─ 📜 mia-feedback.mjs JavaScript 95L · 2.4 KB

├─ ▾ 📁 memory

│ └─ 📜 mia-memory.mjs JavaScript 426L · 12.4 KB

├─ ▾ 📁 planner

│ └─ 📜 mia-planner.mjs JavaScript 191L · 6.0 KB

├─ ▾ 📁 trust

│ ├─ 📜 mia-trust.mjs JavaScript 1190L · 47.8 KB

│ └─ 📋 trust_experience.json JSON 579L · 128.2 KB

├─ 📜 _sync_trust_exp.mjs JavaScript 5L · 266 B

├─ 📋 package-lock.json JSON 107L · 3.3 KB

├─ 📋 package.json JSON 30L · 691 B

├─ 📝 PIPELINE.md Markdown 157L · 3.5 KB

├─ 📜 run.mjs JavaScript 157L · 4.2 KB

└─ 📝 SKILL.md Markdown 119L · 2.6 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`node-fetch`	`^3.3.2`	npm	否	Modern fetch implementation, no known vulnerabilities

安全亮点

✓ Purpose is clearly legitimate: prompt injection detection and plan security evaluation

✓ Implements multi-layer security: regex scanning + LLM deep analysis + historical experience

✓ Uses constitutional principles for safety evaluation (Authenticity, Safety, Privacy, Robustness, Fairness)

✓ Memory storage is for legitimate experience tracking, not credential harvesting

✓ No base64 decoding, direct IP connections, or C2 communication patterns

✓ API calls are to user-configured endpoints only (no hardcoded exfiltration URLs)

✓ Includes anti-bypass patterns for common prompt injection techniques

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files outside normal config