Skill Trust Decision

smyx-eye-anomaly-detection-analysis

Name: smyx-eye-anomaly-detection-analysis Trust Review Report
Item: smyx-eye-anomaly-detection-analysis
Rating: 55
Author: ClawSafe

技能功能正常但存在多处阴影功能：读取工作区敏感文件data/smyx-api-key.txt、环境变量收集、subprocess调用代码（已注释但意图可疑）、SQLite本地凭证存储，且文档未声明这些行为。

Install decision first Source: ClawHub Scanned: 1 day ago

Files 29

Artifacts 10

Violations 4

Findings 5

Most direct threat evidence

Why this conclusion was reached

1/4 dimensions flagged

Block

Declared vs actual capability

4 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

10 lower-risk artifacts were extracted and still need context.

Pass

Attack chain and severe findings

There is no explicit malicious chain in the report.

Pass

Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

读取未声明的敏感文件 +15

读取工作区data/smyx-api-key.txt获取内部身份，SKILL.md未声明

环境变量收集 +10

读取OPENCLAW_SENDER_OPEN_ID/username、FEISHU_OPEN_ID等环境变量

subprocess调用代码（已注释） +10

smyx_common/scripts/skill.py:38-62保留subprocess.run调用openclaw agent的完整代码，仅注释掉执行行

本地SQLite凭证存储 +10

将token/open_token等敏感信息存储到本地smyx-common-claw.db

Most important evidence

Medium Sensitive Access

读取未声明的敏感文件 data/smyx-api-key.txt

OpenIdUtil.get_api_key_file_open_id()读取工作区data/smyx-api-key.txt获取内部身份标识，但SKILL.md未声明此行为

skills/smyx_common/scripts/util.py:196

在SKILL.md中声明此文件访问行为，说明用途

Medium Sensitive Access

环境变量收集行为

config.py:89-97直接读取OPENCLAW_SENDER_OPEN_ID、OPENCLAW_SENDER_USERNAME、FEISHU_OPEN_ID等环境变量，SKILL.md未声明

skills/smyx_common/scripts/config.py:89

移除对敏感环境变量的依赖或明确文档化

Medium RCE

subprocess调用代码（已注释但意图可疑）

smyx_common/scripts/skill.py:38-62保留了完整的subprocess.run调用openclaw agent命令的代码，仅注释掉执行行。包含完整的cmd构建、错误处理逻辑。意图不明

skills/smyx_common/scripts/skill.py:38

完全移除此代码或明确说明用途并更新SKILL.md

Low Credential Theft

本地SQLite数据库存储用户凭证

dao.py将用户token、open_token等敏感信息存储到本地SQLite数据库smyx-common-claw.db，SKILL.md未声明

skills/smyx_common/scripts/dao.py:157

在SKILL.md中声明本地数据存储行为

Low Doc Mismatch

声明-行为不一致

SKILL.md声明'仅访问网络URL'，但实际代码会读取本地文件和写入本地数据库；声明'系统自动处理身份'但实际会创建本地缺省用户并持久化

SKILL.md:1

更新SKILL.md完整声明所有文件系统操作和数据库操作

Declared capability vs actual capability

Filesystem Pass

Declared READ

→

Inferred READ

skills/smyx_analysis/scripts/skill.py:80-88

Network Block

Declared READ

→

Inferred WRITE

skills/smyx_analysis/scripts/api_service.py - 文件上传到外部API

Environment Block

Declared NONE

→

Inferred READ

skills/smyx_common/scripts/config.py:89-97

Shell Block

Declared NONE

→

Inferred WRITE

skills/smyx_common/scripts/skill.py:38-62 (注释代码)

Database Block

Declared NONE

→

Inferred WRITE

skills/smyx_common/scripts/dao.py - 本地SQLite存储用户凭证

Suspicious artifacts and egress

Medium External URL

https://lifeemergence.com/sample.html

SKILL.md:34

Medium External URL

http://192.168.1.234:9601/smyx-open-api

skills/smyx_common/scripts/config-dev.yaml:2

Medium External URL

http://192.168.1.234:4100

skills/smyx_common/scripts/config-dev.yaml:3

Medium External URL

http://192.168.1.234:7070/jeecg-boot-xzgz

skills/smyx_common/scripts/config-dev.yaml:4

Medium External URL

https://livemonitortest.lifeemergence.com/smyx-open-api

skills/smyx_common/scripts/config-test.yaml:2

Medium External URL

http://livemonitortest.lifeemergence.com

skills/smyx_common/scripts/config-test.yaml:3

Medium External URL

https://healthtest.lifeemergence.com/jeecg-boot-xzgz

skills/smyx_common/scripts/config-test.yaml:4

Medium External URL

https://lifeemergence.com/jeecg-boot-xzgz

skills/smyx_common/scripts/config.yaml:4

Medium External URL

https://open.lifeemergence.com/smyx-open-api

skills/smyx_common/scripts/config.yaml:5

Medium External URL

http://livemonitor.lifeemergence.com

skills/smyx_common/scripts/config.yaml:6

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
requests	`>=2.28.0`	pip	No	有版本下限约束
SQLAlchemy	`==2.0.46`	pip	No	精确版本锁定
pydash	`==8.0.6`	pip	No	精确版本锁定
yaml	`==6.0.3`	pip	No	精确版本锁定

File composition

29 files · 2396 lines

Python 18 files · 2118 linesMarkdown 3 files · 243 linesYAML 6 files · 29 linesText 2 files · 6 lines

Files of concern · 5

skills/smyx_common/scripts/util.py Python · 591 lines

读取未声明的敏感文件 data/smyx-api-key.txt

skills/smyx_common/scripts/config.py Python · 382 lines

环境变量收集行为

skills/smyx_common/scripts/dao.py Python · 401 lines

本地SQLite数据库存储用户凭证

SKILL.md Markdown · 204 lines

声明-行为不一致 · https://lifeemergence.com/sample.html

skills/smyx_common/scripts/skill.py Python · 85 lines

subprocess调用代码（已注释但意图可疑）

Other files · skill.py · smyx_analysis.py · smyx_eye_anomaly_detection_analysis.py · api_service.py · api_service.py · config.py +1

29 files · 95.7 KB · 2396 lines

Python 18f · 2118LMarkdown 3f · 243LYAML 6f · 29LText 2f · 6L

├─ ▾ 📁 references

│ └─ 📝 api_doc.md Markdown 20L · 692 B

├─ ▾ 📁 scripts

│ ├─ 🐍 __init__.py Python 1L · 80 B

│ ├─ 🐍 config.py Python 24L · 701 B

│ ├─ 📋 config.yaml YAML 1L · 3 B

│ ├─ 🐍 skill.py Python 23L · 602 B

│ └─ 🐍 smyx_eye_anomaly_detection_analysis.py Python 99L · 3.4 KB

├─ ▾ 📁 skills

│ ├─ ▾ 📁 smyx_analysis

│ │ ├─ ▾ 📁 references

│ │ │ └─ 📝 api_doc.md Markdown 19L · 427 B

│ │ ├─ ▾ 📁 scripts

│ │ │ ├─ 🐍 __init__.py Python 0 B

│ │ │ ├─ 🐍 api_service.py Python 40L · 1.5 KB

│ │ │ ├─ 🐍 config.py Python 39L · 1003 B

│ │ │ ├─ 📋 config.yaml YAML 1L · 3 B

│ │ │ ├─ 🐍 skill.py Python 175L · 6.4 KB

│ │ │ └─ 🐍 smyx_analysis.py Python 115L · 3.7 KB

│ │ ├─ 🐍 __init__.py Python 0 B

│ │ └─ 📄 requirements.txt Text 3L · 45 B

│ └─ ▾ 📁 smyx_common

│ ├─ ▾ 📁 scripts

│ │ ├─ 🐍 __init__.py Python 9L · 177 B

│ │ ├─ 🐍 api_service.py Python 101L · 2.6 KB

│ │ ├─ 🐍 base.py Python 33L · 469 B

│ │ ├─ 📋 config-dev.yaml YAML 6L · 214 B

│ │ ├─ 📋 config-prod.yaml YAML 0 B

│ │ ├─ 📋 config-test.yaml YAML 6L · 256 B

│ │ ├─ 🐍 config.py Python 382L · 22.3 KB

│ │ ├─ 📋 config.yaml YAML 15L · 473 B

│ │ ├─ 🐍 dao.py Python 401L · 13.2 KB

│ │ ├─ 🐍 skill.py Python 85L · 2.4 KB

│ │ └─ 🐍 util.py Python 591L · 22.9 KB

│ ├─ 🐍 __init__.py Python 0 B

│ └─ 📄 requirements.txt Text 3L · 47 B

└─ 📝 SKILL.md Markdown 204L · 12.3 KB

Security positives

subprocess执行代码已被注释掉，当前不会实际执行

依赖包有版本锁定（requests>=2.28.0, SQLAlchemy==2.0.46等）

使用SQLAlchemy ORM而非直接SQL拼接，有基本SQL注入防护

代码结构清晰，有合理的错误处理

无base64编码或eval调用等典型恶意模式