isnad-security-kit 安全扫描报告 — 可疑 | ClawSafe

45 /100

isnad-security-kit

The ultimate security baseline for autonomous AI agents. Installs the complete ISNAD protocol stack with zero configuration.

The installer.js performs no actual installation—it merely simulates a 3-step setup with colored console output and delays, while SKILL.md and package.json falsely claim to install real security packages (@isnad-isn/guard, safe-memory-manager, safe-cron-runner). This is classic doc deception with no security value delivered.

技能名称isnad-security-kit

分析耗时43.9s

引擎pi

⚠

谨慎使用

Do not use this skill. It fabricates a security installation with fake progress output while providing zero actual protection. Users believing they are ISNAD-compliant are dangerously exposed.

攻击链 4 步

◎

入口 SKILL.md presents skill as a legitimate security baseline with professional branding and documentation

SKILL.md:1

⬡

提权 package.json declares npm dependencies and postinstall hooks to appear functional

package.json:16

◉

影响 installer.js runs on install and produces fake colored progress output but installs nothing, leaving the agent with zero security protection

installer.js:7

◉

影响 User believes agent is 'ISNAD-Compliant' and protected from Memory Poisoning and Prompt Injection, creating false sense of security

SKILL.md:24

安全发现 5 项

严重性	安全发现	位置
高危	installer.js performs zero actual installation 文档欺骗 The entire installer consists only of console.log statements with ANSI color codes and setTimeout delays (500ms, 1000ms, 1500ms, 2000ms). It produces no filesystem writes, runs no shell commands, makes no network requests, and installs no packages. Lines 7-28 are entirely cosmetic. `console.log("\x1b[36m" + " 🛡️ ISNAD SECURITY KIT 🛡️" + "\x1b[0m");` → Delete this skill. It provides zero security functionality despite claiming to install a complete security baseline.	`installer.js:7`
高危	package.json declares npm dependency @isnad-isn/guard that is never installed 文档欺骗 The package.json metadata.openclaw.requires.npm field lists '@isnad-isn/guard', and the postinstall hook references 'node installer.js'. However, installer.js contains no npm install, yarn add, or any package manager invocation. The dependency is declared but never fetched. `"npm": ["@isnad-isn/guard"]` → Verify all declared dependencies are actually installed by the installer script.	`package.json:15`
高危	SKILL.md lists specific external tools never installed 文档欺骗 SKILL.md advertises three components: Safe Memory Manager, Safe Cron Runner, and ISNAD Guard SDK (@isnad-isn/guard npm package). None of these are installed or configured by the installer. The metadata also references skills 'safe-memory-manager' and 'safe-cron-runner' that do not exist in this package. `Safe Memory Manager, Safe Cron Runner, ISNAD Guard SDK` → Either implement the actual installation logic or remove all references to these tools from documentation.	`SKILL.md:1`
中危	Fake progress simulation with ANSI colors mimics real installers 文档欺骗 The installer uses ANSI escape codes (\x1b[36m, \x1b[32m) and step counters '[1/3]', '[2/3]', '[3/3]' to mimic a legitimate multi-step installation. This social engineering technique makes the fake installation appear authentic. `console.log("✅ [1/3] Safe Memory Manager linked. Prompt injection vectors patched.");` → Legitimate installers do not simulate installation steps with fake output.	`installer.js:9`
低危	No sensitive path access detected 敏感访问 installer.js uses only fs and path Node.js builtins but never reads or writes sensitive paths like ~/.ssh, ~/.aws, or .env. `const fs = require('fs'); const path = require('path');` → No action needed. This is not a finding—it's an observation.	`installer.js:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`NONE`	✗ 越权	installer.js:1-28 — No file writes occur despite declared filesystem:WRITE need
网络访问	`READ`	`NONE`	✗ 越权	installer.js:1-28 — No network requests despite declared npm install capability
命令执行	`WRITE`	`NONE`	✗ 越权	installer.js:1-28 — No shell commands executed; installer.js only calls console.…

3 项发现

🔗

中危外部 URL 外部 URL

https://clawhub.ai/u/horn111/safe-memory-manager

SKILL.md:21

🔗

中危外部 URL 外部 URL

https://clawhub.ai/u/horn111/safe-cron-runner

SKILL.md:22

🔗

中危外部 URL 外部 URL

https://www.npmjs.com/package/@isnad-isn/guard

SKILL.md:23

目录结构

3 文件 · 3.5 KB · 97 行

Markdown 1f · 45L JavaScript 1f · 28L JSON 1f · 24L

├─ 📜 installer.js JavaScript 28L · 1.0 KB

├─ 📋 package.json JSON 24L · 631 B

└─ 📝 SKILL.md Markdown 45L · 1.8 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`@isnad-isn/guard`	`latest`	npm	否	Listed in package.json but never actually installed by installer.js
`safe-memory-manager`	`unknown`	clawhub skill	否	Referenced in metadata but not included in package; not installed
`safe-cron-runner`	`unknown`	clawhub skill	否	Referenced in metadata but not included in package; not installed

安全亮点

✓ No credential theft or exfiltration detected

✓ No shell command execution observed

✓ No network requests made to external IPs

✓ No base64 encoding or obfuscation detected

✓ No malicious dependencies in package.json

✓ No reverse shell or C2 communication

✓ No supply chain attacks via typosquatting