High risk: risk score 72/100
Last scan: 17 hours ago
claw-ops-manager
OpenClaw operations management center with audit logging, snapshots, and rollback
The skill executes arbitrary shell commands through subprocess.run(..., shell=True) without declaring that capability, automatically snapshots credential directories (~/.ssh, /etc/ssh, /etc/sudoers.d) without stated justification, and uses destructive commands as documentation examples.
Skill name: claw-ops-manager
Analysis time: 82.0 s
Engine: pi
Do not install this skill
Do not deploy without major security rework. The skill needs an explicit shell:WRITE permission declaration, removal of credential directories from the auto-snapshot configuration, and clear documentation of why any remaining credential directory is monitored.

Security findings (5)

[High] Undeclared Shell Command Execution (privilege escalation)
Description: The skill executes arbitrary shell commands passed to audited_exec() via subprocess.run(command, shell=True) without declaring shell execution as a capability in SKILL.md. Because the command is a single string parsed by /bin/sh, every shell metacharacter in it (;, &&, |, $(...)) is interpreted, so whatever can reach audited_exec() can run anything the invoking user can.
Evidence: subprocess.run(command, shell=True, capture_output=True, text=True)
Recommendation: Declare the shell:WRITE capability explicitly in SKILL.md, or remove shell execution and only log operations.
Location: scripts/audited_ops.py:240
[High] Sensitive Credential Paths in Auto-Snapshot (sensitive access)
Description: ~/.ssh, /etc/ssh and /etc/sudoers.d are included in the auto_snapshot_paths list (lines 36-38), so SSH private keys, host keys and sudo policy are copied into the snapshot directory on every operation. A second copy of private key material has to be protected as carefully as the original, and every place the snapshot directory is later copied or backed up inherits the secret.
Evidence:
    str(Path.home() / ".ssh"),
    "/etc/ssh",
    "/etc/sudoers.d"
Recommendation: Remove sensitive paths from auto_snapshot_paths unless they are explicitly required and documented. Snapshots of credential directories create a data-exposure risk.
Location: scripts/audited_ops.py:36
[High] Sensitive Paths in Default Protected Paths (sensitive access)
Description: ~/.ssh and /etc/ssh appear in the protected_paths default configuration (scripts/init.py:114) and in the file monitor (scripts/monitor.py:89-91).
Evidence: "~/.ssh"
Recommendation: Provide a clear justification for why SSH directories need monitoring (for example, tamper detection on authorized_keys or sshd_config), or remove them from the default configuration. If monitoring stays, record content hashes or modification times rather than copying file contents.
Location: scripts/init.py:114
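The two findings above share one fix: strip credential directories from any list that feeds a copy, and watch the ones that genuinely need watching without duplicating their contents. The following is an added example written for this report, not code from claw-ops-manager. SENSITIVE_ROOTS is taken from the evidence quoted in the snapshot finding; the function names, the fake home directory and the fixture files are assumptions made for the demonstration.

```python
# Added example (not claw-ops-manager's own code). SENSITIVE_ROOTS comes from the
# auto_snapshot_paths evidence in the finding; everything else is illustrative.
import hashlib
import tempfile
from pathlib import Path

# Directories that must never be copied into a snapshot: user keys, host keys
# and sudo policy (the three entries quoted from auto_snapshot_paths).
SENSITIVE_ROOTS = ("~/.ssh", "/etc/ssh", "/etc/sudoers.d")


def _resolve(path, home):
    """Expand a leading ~ against an explicit home (so the check does not depend
    on $HOME) and normalise '..' and symlinks, so '~/.ssh/../.ssh' or a link
    pointing into /etc/ssh cannot slip past the comparison."""
    home = Path(home)
    if path == "~":
        path = str(home)
    elif path.startswith("~/"):
        path = str(home / path[2:])
    return Path(path).resolve(strict=False)   # strict=False: path need not exist yet


def is_sensitive(path, home):
    """True if path is one of the sensitive roots or anything beneath one.
    The test is on path components, so '~/.sshfoo' is not matched by '~/.ssh'."""
    target = _resolve(path, home)
    for root in SENSITIVE_ROOTS:
        r = _resolve(root, home)
        if target == r or r in target.parents:
            return True
    return False


def filter_snapshot_paths(paths, home=None):
    """Split a configured path list into (allowed, rejected). Call this before
    any copy so rejected entries never reach the snapshot directory."""
    home = Path(home) if home else Path.home()
    allowed, rejected = [], []
    for p in paths:
        (rejected if is_sensitive(p, home) else allowed).append(p)
    return allowed, rejected


def fingerprint_tree(root):
    """Tamper detection for a protected path without duplicating secrets: keep a
    SHA-256 per file. A rewritten authorized_keys still shows up as a change,
    but no key bytes are written anywhere."""
    root = Path(root)
    return {
        str(f.relative_to(root)): hashlib.sha256(f.read_bytes()).hexdigest()
        for f in sorted(root.rglob("*"))
        if f.is_file()
    }


def demo_fingerprint():
    """Constructed fixture: a throwaway '.ssh' with two files, one of which is
    modified between two fingerprint runs. Returns (before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        ssh = Path(tmp) / ".ssh"
        ssh.mkdir()
        (ssh / "config").write_text("Host example\n  User ops\n")
        (ssh / "authorized_keys").write_text("ssh-ed25519 AAAAC3...placeholder ops@host\n")
        before = fingerprint_tree(ssh)
        (ssh / "authorized_keys").write_text("ssh-ed25519 AAAAC3...placeholder attacker@host\n")
        after = fingerprint_tree(ssh)
    return before, after


if __name__ == "__main__":
    fake_home = "/tmp/claw-demo-home"   # hypothetical home; nothing is created there
    config = ["~/.ssh", "/etc/ssh", "/etc/sudoers.d", "~/projects", "/etc/hosts"]
    print(filter_snapshot_paths(config, fake_home))
    before, after = demo_fingerprint()
    print({k: before[k] != after[k] for k in before})   # which files changed
```

The resolve-then-compare-components approach matters: a string prefix check would flag `~/.sshfoo` and miss `~/.ssh/../.ssh`, and a check that skips symlink resolution can be bypassed by a link that points into a protected tree. The fingerprint function is the shape the monitor should take if SSH directories remain in protected_paths: it answers "did this change?" without the snapshot directory ever holding a private key.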
[Medium] Shell Eval Usage in Wrapper (code execution)
Description: audit_wrapper.sh runs eval "$command", which re-parses the command string through the shell; if any part of $command comes from untrusted input, that input is executed as shell code rather than passed as data.
Evidence: eval "$command"
Recommendation: Drop eval and pass the command as an argument array ("$@") so each argument reaches the program without a second shell parse.
Location: scripts/audit_wrapper.sh:55
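The undeclared shell execution finding and this eval finding are the same hazard in two languages: a command string is handed to a shell that interprets it. The following is an added example written for this report, not claw-ops-manager's code; it shows the flagged pattern next to the argument-separated form and what each does with the same constructed payload. The function names and payload strings are assumptions made for the demonstration; only `subprocess.run(command, shell=True, ...)` is quoted from the finding.

```python
# Added example (not claw-ops-manager's own code). Function names and the
# payload strings are constructed for this demonstration.
import shlex
import subprocess


def audited_exec_string(command):
    """The flagged pattern: the whole string goes to `/bin/sh -c`, which is the
    Python equivalent of the wrapper's `eval "$command"`. Every shell
    metacharacter in the string (;, &&, |, $(...)) is honoured."""
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def audited_exec_argv(argv):
    """Argument-separated form: argv is handed to execve as-is. No shell runs,
    so a metacharacter inside an argument is plain data for the program."""
    if not argv or not all(isinstance(a, str) for a in argv):
        raise ValueError("argv must be a non-empty list of strings")
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


def run_logged_line(line):
    """If the audit log stores commands as one string, split it exactly once
    with shlex (quote-aware; ';' and '$(...)' are not special to shlex) and run
    the result as argv. The string that forked two processes under shell=True
    now runs a single `echo` with the remainder as literal arguments."""
    return audited_exec_argv(shlex.split(line))


if __name__ == "__main__":
    payload = "echo hello; echo injected"
    print(repr(audited_exec_string(payload)))   # 'hello\ninjected\n'   (two commands ran)
    print(repr(run_logged_line(payload)))       # 'hello; echo injected\n'  (one command ran)
```

Note what `run_logged_line` does and does not give you: it stops the shell from splitting and substituting, but it does not decide which programs the wrapper is allowed to run. Declaring shell:WRITE in SKILL.md, as the finding recommends, is the honest description of a wrapper that still executes whatever it is given; the argv form is the minimum needed to make the audit log a faithful record of what actually ran.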
[Medium] Dangerous Command Examples in Documentation (documentation deception)
Description: COMPLETED_v2.md:10 and MARKETING.md:45 use rm -rf ~ and rm -rf / as documentation examples of how the skill logs commands. The line quoted from COMPLETED_v2.md is rm -rf ~/Desktop/截图, which the rm -rf ~ pattern matches as a prefix; it is still a recursive delete under the home directory that a reader could paste as-is.
Evidence: rm -rf ~/Desktop/截图
Recommendation: Use non-destructive commands (ls, cp, a dry-run) for documentation examples.
Location: COMPLETED_v2.md:10
Permission analysis

Resource              | Declared | Inferred | Status                | Evidence
Command execution     | NONE     | WRITE    | ✗ exceeds declaration | scripts/audited_ops.py:240 - subprocess.run(command, shell=True)
Filesystem            | READ     | WRITE    | ✗ exceeds declaration | scripts/audited_ops.py:262-270 - writes files for snapshots
Environment variables | NONE     | READ     | ✗ exceeds declaration | scripts/audited_ops.py:28 - os.environ.get('USER'), scripts/auto_audit.py:26 - o…
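The table above compares what SKILL.md declares with what the code actually does. The following added example shows how such a declared-versus-inferred comparison can be produced from Python source with the standard `ast` module. It is illustrative code written for this report, not the ClawHub scanner; the manifest shape (`{resource: level}`), the detection rules and the resource names are assumptions made here, and SAMPLE is a constructed file shaped like the evidence cited in the table.

```python
# Added example (not the scanner's code). Manifest shape, resource names and
# detection rules are assumptions; SAMPLE is a constructed input.
import ast

LEVELS = {"NONE": 0, "READ": 1, "WRITE": 2}

EXEC_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
              "subprocess.check_output", "os.system", "os.popen"}
ENV_CALLS = {"os.environ.get", "os.getenv"}

# Constructed sample shaped like the evidence in the table: env read on line 4,
# shell execution on line 6, a file written on line 8 and read on line 9.
SAMPLE = '''
import os, subprocess
from pathlib import Path
user = os.environ.get("USER")
def audited_exec(command):
    return subprocess.run(command, shell=True, capture_output=True, text=True)
def snapshot(src, dst):
    with open(dst, "w") as fh:
        fh.write(Path(src).read_text())
'''


def _dotted(node):
    """'subprocess.run' for a Name/Attribute chain; None if the base is not a Name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _open_mode(call):
    """Mode string of an open() call, positional or keyword; default 'r'."""
    mode = "r"
    if len(call.args) > 1 and isinstance(call.args[1], ast.Constant):
        mode = str(call.args[1].value)
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            mode = str(kw.value.value)
    return mode


def infer_permissions(source):
    """Return ({resource: level}, {resource: [line, ...]}) for one Python file."""
    inferred = {"command_exec": "NONE", "filesystem": "NONE", "env": "NONE"}
    evidence = {}

    def raise_to(resource, level, line):
        if LEVELS[level] > LEVELS[inferred[resource]]:
            inferred[resource] = level
        evidence.setdefault(resource, []).append(line)

    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            attr = node.func.attr if isinstance(node.func, ast.Attribute) else None
            if name in EXEC_CALLS:
                raise_to("command_exec", "WRITE", node.lineno)
            elif name in ENV_CALLS:
                raise_to("env", "READ", node.lineno)
            elif name == "open":
                level = "WRITE" if any(c in _open_mode(node) for c in "wax+") else "READ"
                raise_to("filesystem", level, node.lineno)
            elif attr in ("read_text", "read_bytes"):       # Path(...).read_text()
                raise_to("filesystem", "READ", node.lineno)
            elif attr in ("write_text", "write_bytes"):
                raise_to("filesystem", "WRITE", node.lineno)
        elif isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            raise_to("env", "READ", node.lineno)            # os.environ["USER"]
    return inferred, {k: sorted(v) for k, v in evidence.items()}


def compare(declared, inferred):
    """One row per resource: (resource, declared, inferred, status)."""
    rows = []
    for resource, level in inferred.items():
        dec = declared.get(resource, "NONE")
        status = "exceeds declaration" if LEVELS[level] > LEVELS[dec] else "ok"
        rows.append((resource, dec, level, status))
    return rows


if __name__ == "__main__":
    inferred, evidence = infer_permissions(SAMPLE)
    manifest = {"filesystem": "READ"}   # assumed manifest: filesystem READ only, like the table's declared column
    for row in compare(manifest, inferred):
        print(*row, evidence.get(row[0]))
```

This is deliberately a syntactic pass: it sees `subprocess.run(...)` and `os.environ[...]` spelled out, and it misses `from subprocess import run`, `getattr(os, "system")`, or `__import__`. That is acceptable for a declared-versus-inferred check, whose job is to catch honest under-declaration like the rows above; code that hides its capabilities is a different finding.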
Pattern detections (7, 2 critical)

Severity | Type                    | Match                                                                   | Location
Critical | Dangerous shell command | rm -rf ~                                                                | COMPLETED_v2.md:10
Critical | Dangerous shell command | rm -rf /                                                                | MARKETING.md:45
Medium   | External URL            | https://img.shields.io/badge/ClawHub-v2.0.0-667eea?style=for-the-badge | MARKETING.md:97
Medium   | External URL            | https://clawhub.com/package/claw-ops-manager                            | MARKETING.md:97
Medium   | External URL            | https://img.shields.io/badge/ClawHub-v2.0.0-667eea                      | OPTIMIZED_METADATA.md:101
Medium   | External URL            | https://cdn.plot.ly/plotly-latest.min.js                                | assets/templates/dashboard.html:7
Info     | Email address           | [email protected]                                                       | scripts/snapshot.py:37

The badge and package URLs are documentation links. The Plotly URL is different in kind: it is a script loaded by the dashboard template at runtime from a floating "latest" path, so the rendered page executes whatever the CDN serves next. Pin the version and add a Subresource Integrity hash, or vendor the file with the skill.

Directory structure

27 files · 333.4 KB · 10830 lines
Python 13 files · 7147 lines; HTML 3 files · 1777 lines; Markdown 7 files · 1461 lines; Shell 2 files · 258 lines; JSON 2 files · 187 lines
├─ 📁 assets
│ └─ 📁 templates
│ ├─ 📄 dashboard_v2.html HTML 582L · 17.5 KB
│ ├─ 📄 dashboard_v3.html HTML 742L · 25.0 KB
│ └─ 📄 dashboard.html HTML 453L · 12.8 KB
├─ 📁 references
│ └─ 📝 api.md Markdown 175L · 4.0 KB
├─ 📁 scripts
│ ├─ 🔧 audit_wrapper.sh Shell 102L · 2.2 KB
│ ├─ 🐍 audited_ops.py Python 303L · 8.9 KB
│ ├─ 🐍 auto_audit.py Python 200L · 5.5 KB
│ ├─ 🐍 describer.py Python 261L · 9.9 KB
│ ├─ 🐍 init.py Python 175L · 5.4 KB
│ ├─ 🐍 logger.py Python 263L · 7.4 KB
│ ├─ 🐍 monitor.py Python 123L · 3.4 KB
│ ├─ 🐍 rollback.py Python 284L · 8.7 KB
│ ├─ 🐍 server_full.py Python 1507L · 47.8 KB
│ ├─ 🐍 server_simple.py Python 232L · 9.2 KB
│ ├─ 🐍 server_v2.py Python 1531L · 48.7 KB
│ ├─ 🐍 server_v3.py Python 1578L · 50.7 KB
│ ├─ 🐍 server.py Python 284L · 7.2 KB
│ ├─ 🔧 setup_auto_audit.sh Shell 156L · 4.1 KB
│ └─ 🐍 snapshot.py Python 406L · 13.4 KB
├─ 📁 translations
│ └─ 📋 operations.json JSON 182L · 7.5 KB
├─ 📋 _meta.json JSON 5L · 135 B
├─ 📝 COMPLETED_v2.md Markdown 241L · 5.3 KB
├─ 📝 INTEGRATION.md Markdown 125L · 2.7 KB
├─ 📝 MARKETING.md Markdown 236L · 8.0 KB
├─ 📝 OPTIMIZED_METADATA.md Markdown 171L · 5.9 KB
├─ 📝 SKILL.md Markdown 322L · 8.2 KB
└─ 📝 USAGE_v2.md Markdown 191L · 3.8 KB

Dependency analysis (3)

Package  | Version       | Source | Known vulnerabilities | Notes
flask    | not specified | pip    | -                     | Listed in SKILL.md dependencies but not pinned
watchdog | not specified | pip    | -                     | Listed in SKILL.md dependencies but not pinned
plotly   | not specified | pip    | -                     | Listed in SKILL.md dependencies but not pinned

An unpinned dependency resolves to whatever version pip finds at install time, so two installs of the same skill can differ and a compromised or broken release is picked up silently. Pin exact versions (and, where the install tooling supports it, hashes) so the install is reproducible.

Security highlights

✓ No credential harvesting or exfiltration code detected
✓ No network exfiltration to external servers
✓ No base64 encoding or obfuscated malicious code
✓ No reverse shell or C2 communication patterns
✓ No hidden HTML comments with malicious instructions
✓ Includes permission checking before operations
✓ Database uses SQLite with proper schema design
✓ Supports dry-run mode for rollback operations