Suspicious — risk score 35/100
Last scanned: 1 day ago
run402-test
Test skill for Run402 — provision AI-native Postgres databases with REST API, auth, and row-level security using x402 micropayments on Base.
Skill performs undeclared filesystem access to read stored API credentials from ~/.config/run402/ that is not mentioned in SKILL.md documentation.
Skill name: run402-test
Analysis time: 27.6s
Engine: pi
Verdict: use with caution
Recommendation: Document the local config file read behavior in SKILL.md and clarify that the script reads existing project credentials rather than only using the curl commands shown in the examples.

Security findings (3)

Severity / Finding / Location

Medium
Documentation mismatch - curl examples vs actual implementation (Documentation deception)
SKILL.md only shows curl commands for database operations, but the actual sql2.mjs script reads local config files from ~/.config/run402/projects.json. This hidden file access is not documented.
const projects = JSON.parse(readFileSync(join(CONFIG_DIR, "projects.json"), "utf-8"));
→ Document that the script requires pre-existing credentials stored in ~/.config/run402/projects.json, or provide setup instructions.
Location: sql2.mjs:10

Medium
Accesses sensitive application config directory (Sensitive access)
The script reads from the ~/.config/run402/ directory, a sensitive application configuration path containing service credentials.
const CONFIG_DIR = join(homedir(), ".config", "run402");
→ If this is a legitimate database client, clarify that it reads locally stored credentials for authenticated API access.
Location: sql2.mjs:8

Low
Reads service_key credential from local file (Credential theft)
The script extracts service_key from projects.json and uses it as a Bearer token for API authorization. While this may be legitimate, the credential access is undeclared.
const p = projects.find(x => x.project_id === process.argv[2]);
→ Document whether the script exfiltrates credentials or only uses them for legitimate API calls.
Location: sql2.mjs:12
Resource type       Declared  Inferred  Status         Evidence
Filesystem          NONE      READ      ✗ Undeclared   sql2.mjs:10 reads readFileSync(join(CONFIG_DIR, "projects.json"))
Network access      NONE      WRITE     ✗ Undeclared   sql2.mjs:14 performs fetch() POST to api.run402.com
Command execution   NONE      NONE      -              No shell execution detected
Environment vars    NONE      NONE      -              No environment variable access detected
Skill invocation    NONE      NONE      -              No cross-skill invocation detected
Clipboard           NONE      NONE      -              No clipboard access detected
Browser             NONE      NONE      -              No browser access detected
Database            NONE      READ      ✗ Undeclared   sql2.mjs:12 reads service_key from projects.json
External URLs (4 findings)

Severity  Type          URL                                                        Location
Medium    External URL  https://api.run402.com/v1/projects                         SKILL.md:13
Medium    External URL  https://api.run402.com/admin/v1/projects/$PROJECT_ID/sql   SKILL.md:24
Medium    External URL  https://api.run402.com/rest/v1/todos?done=eq.false         SKILL.md:33
Medium    External URL  https://api.run402.com                                     sql2.mjs:5

Directory structure

2 files · 1.8 KB · 58 lines
Markdown: 1 file · 43 lines; JavaScript: 1 file · 15 lines
├─ 📝 SKILL.md Markdown 43L · 1.1 KB
└─ 📜 sql2.mjs JavaScript 15L · 680 B

Security highlights

✓ HTTP requests go to a legitimate domain (api.run402.com), not a suspicious IP
✓ No base64 encoding or obfuscation detected
✓ No reverse shell, C2, or data exfiltration patterns
✓ No remote script execution (curl|bash, wget|sh)
✓ No direct credential harvesting from environment variables
✓ No access to ~/.ssh, ~/.aws, or system credential stores