中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 30/100
上次扫描:1 天前 重新扫描
30 /100
openclaw-soul
OpenClaw self-evolution framework one-click deployment. Installs constitution (AGENTS.md), evolvable soul (SOUL.md), heartbeat system, six-layer memory architecture, goal management, thinking methodologies (HDD/SDD), and optional dependency skills (EvoClaw, Self-Improving, etc.)
Legitimate self-evolution framework with no malicious behavior; minor doc-to-code mismatches on network access and session data reading.
技能名称openclaw-soul
分析耗时92.4s
引擎pi
可以安装
Approve with documentation caveat: add explicit network:READ and filesystem:READ declarations to SKILL.md; clarify session transcript access scope.

安全发现 4 项

严重性 安全发现 位置
中危
Network access not declared in SKILL.md 文档欺骗
SKILL.md does not declare any network:READ permission, yet the EvoClaw configure.md and sources.md reference files show the skill makes API calls to external services (moltbook.com, api.x.com, mastodon.social) for social feed polling. These are legitimate features but the network access is only documented in subordinate files, not the main SKILL.md.
SKILL.md metadata declares no network permissions; configure.md shows curl to https://www.moltbook.com/api/v1/agents/me
→ Add network:READ to allowed-tools mapping in SKILL.md header metadata, and add a Network Access section documenting external API endpoints (Moltbook, X/Twitter, Mastodon) with their purpose.
 SKILL.md:1
低危
Session transcript read access not declared 文档欺骗
The merge-daily-transcript.js script reads all .jsonl files from ~/.openclaw/agents/main/sessions/ to archive conversation history. This filesystem:READ access to session data is not declared in SKILL.md.
const SESSIONS_DIR = path.join(HOME, '.openclaw', 'agents', 'main', 'sessions');
→ Declare that the skill reads session transcripts for memory archival purposes, and scope it to only the current agent's sessions directory.
 fallback/memory-deposit/scripts/merge-daily-transcript.js:120
低危
clawhub install path lacks integrity verification 供应链
SKILL.md §4 installs dependency skills via 'clawhub install <name> --force' without any hash verification, checksum, or version pinning. A compromised clawhub registry or man-in-the-middle attack could deliver a malicious skill.
clawhub install <skill-name> --force
→ Use version-pinned installs (e.g., clawhub install <name>@1.2.3) or verify checksums post-install. Warn users that clawhub install requires network access and a trusted registry.
 SKILL.md:300
提示
Sensitive file flag false positive 文档欺骗
fallback/evoclaw/config.json is flagged as 'sensitive' by pre-scan but contains only a template JSON config with no actual secrets — only env var reference names (MOLTBOOK_API_KEY, X_BEARER_TOKEN). No real credentials are stored.
{"api_key_env": "MOLTBOOK_API_KEY"}
→ No action needed. This is a false positive from content-based detection. The file stores only placeholder key names, not actual credentials.
 fallback/evoclaw/config.json:1
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md §2 uses cp/bash for file deployment
网络访问 NONE READ ✗ 越权 configure.md lines 150-223: curl to moltbook.com/api/v1 and api.x.com; sources.m…
命令执行 WRITE WRITE ✓ 一致 SKILL.md §1c, §2, §7: extensive bash usage for find, cp, mkdir, chmod, crontab, …
环境变量 NONE READ ✓ 一致 configure.md reads API keys via ${!api_key_env}; openclaw config writes to openc…
技能调用 NONE WRITE ✓ 一致 SKILL.md §4 installs evoclaw, self-improving, skill-vetter, hdd, sdd to workspac…
剪贴板 NONE NONE No clipboard access detected
浏览器 NONE NONE No browser access detected
数据库 NONE NONE No database access detected
24 项发现
🔗
中危 外部 URL 外部 URL
https://api.siliconflow.cn/v1
SKILL.md:416
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/agents/me
fallback/evoclaw/configure.md:150
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/feed?sort=hot&limit=3
fallback/evoclaw/configure.md:169
🔗
中危 外部 URL 外部 URL
https://api.x.com/2/users/me
fallback/evoclaw/configure.md:210
🔗
中危 外部 URL 外部 URL
https://api.x.com/2/users/me/mentions?max_results=5&tweet.fields=created_at
fallback/evoclaw/configure.md:223
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1
fallback/evoclaw/references/sources.md:28
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/feed?sort=hot&limit=10
fallback/evoclaw/references/sources.md:43
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/posts?sort=new&limit=10&submolt=general
fallback/evoclaw/references/sources.md:55
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/posts/
fallback/evoclaw/references/sources.md:62
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/search?q=agent+identity&limit=10
fallback/evoclaw/references/sources.md:69
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/agents/status
fallback/evoclaw/references/sources.md:79
🔗
中危 外部 URL 外部 URL
https://www.moltbook.com/api/v1/agents/dm/check
fallback/evoclaw/references/sources.md:83
🔗
中危 外部 URL 外部 URL
https://api.x.com/2
fallback/evoclaw/references/sources.md:129
🔗
中危 外部 URL 外部 URL
https://api.x.com/2/users/$
fallback/evoclaw/references/sources.md:145
🔗
中危 外部 URL 外部 URL
https://api.x.com/2/tweets/search/recent?query=AI+agent+identity&max_results=10&tweet.fields=created_at
fallback/evoclaw/references/sources.md:159
🔗
中危 外部 URL 外部 URL
https://api.x.com/2/tweets/
fallback/evoclaw/references/sources.md:166
🔗
中危 外部 URL 外部 URL
https://api.example.com/v1
fallback/evoclaw/references/sources.md:205
🔗
中危 外部 URL 外部 URL
https://mastodon.social/api/v1
fallback/evoclaw/references/sources.md:363
🔗
中危 外部 URL 外部 URL
https://mastodon.social/api/v1/accounts/verify_credentials
fallback/evoclaw/references/sources.md:368
🔗
中危 外部 URL 外部 URL
https://mastodon.social/api/v1/timelines/home?limit=20
fallback/evoclaw/references/sources.md:375
🔗
中危 外部 URL 外部 URL
https://mastodon.social/api/v1/notifications?types[
fallback/evoclaw/references/sources.md:385
🔗
中危 外部 URL 外部 URL
https://mastodon.social/api/v2/search?q=agent+identity&type=statuses&limit=10
fallback/evoclaw/references/sources.md:392
🔗
中危 外部 URL 外部 URL
http://www.w3.org/2000/svg
fallback/evoclaw/tools/soul-viz.py:224
🔗
中危 外部 URL 外部 URL
https://clawic.com/skills/self-improving
fallback/self-improving/SKILL.md:5

目录结构

61 文件 · 526.7 KB · 15619 行
Markdown 38f · 8385L Python 10f · 4398L JavaScript 7f · 2493L TypeScript 1f · 220L Shell 1f · 64L JSON 4f · 59L
├─ 📁 fallback
│ ├─ 📁 evoclaw
│ │ ├─ 📁 references
│ │ │ ├─ 📝 examples.md Markdown 153L · 7.9 KB
│ │ │ ├─ 📝 heartbeat-debug.md Markdown 364L · 10.8 KB
│ │ │ ├─ 📝 schema.md Markdown 239L · 6.5 KB
│ │ │ └─ 📝 sources.md Markdown 445L · 13.9 KB
│ │ ├─ 📁 tools
│ │ │ └─ 🐍 soul-viz.py Python 2324L · 67.0 KB
│ │ ├─ 📁 validators
│ │ │ ├─ 🐍 check_pipeline_ran.py Python 252L · 9.6 KB
│ │ │ ├─ 🐍 check_workspace.py Python 176L · 6.2 KB
│ │ │ ├─ 🐍 run_all.py Python 224L · 8.1 KB
│ │ │ ├─ 🐍 validate_experience.py Python 213L · 7.1 KB
│ │ │ ├─ 🐍 validate_proposal.py Python 252L · 9.8 KB
│ │ │ ├─ 🐍 validate_reflection.py Python 261L · 9.5 KB
│ │ │ ├─ 🐍 validate_soul.py Python 263L · 9.0 KB
│ │ │ └─ 🐍 validate_state.py Python 179L · 6.7 KB
│ │ ├─ 📋 _meta.json JSON 5L · 126 B
│ │ ├─ 🔑 config.json JSON 37L · 1.3 KB
│ │ ├─ 📝 configure.md Markdown 1026L · 35.5 KB
│ │ ├─ 📝 README.md Markdown 61L · 2.2 KB
│ │ └─ 📝 SKILL.md Markdown 1143L · 47.6 KB
│ ├─ 📁 hdd
│ │ └─ 📝 SKILL.md Markdown 365L · 15.1 KB
│ ├─ 📁 load-game
│ │ └─ 📝 SKILL.md Markdown 129L · 4.0 KB
│ ├─ 📁 memory-deposit
│ │ └─ 📁 scripts
│ │ ├─ 🔧 auto-commit.sh Shell 64L · 2.0 KB
│ │ └─ 📜 merge-daily-transcript.js JavaScript 470L · 17.8 KB
│ ├─ 📁 project-skill-pairing
│ │ └─ 📝 SKILL.md Markdown 152L · 4.6 KB
│ ├─ 📁 save-game
│ │ └─ 📝 SKILL.md Markdown 134L · 4.6 KB
│ ├─ 📁 sdd
│ │ └─ 📝 SKILL.md Markdown 111L · 5.5 KB
│ └─ 📁 self-improving
│ ├─ 📋 _meta.json JSON 5L · 134 B
│ ├─ 📝 boundaries.md Markdown 59L · 2.2 KB
│ ├─ 📝 corrections.md Markdown 36L · 1.0 KB
│ ├─ 📝 learning.md Markdown 106L · 2.9 KB
│ ├─ 📝 memory-template.md Markdown 60L · 1014 B
│ ├─ 📝 memory.md Markdown 30L · 756 B
│ ├─ 📝 operations.md Markdown 144L · 3.4 KB
│ ├─ 📝 reflections.md Markdown 31L · 840 B
│ ├─ 📝 scaling.md Markdown 125L · 2.9 KB
│ ├─ 📝 setup.md Markdown 161L · 4.9 KB
│ └─ 📝 SKILL.md Markdown 217L · 6.6 KB
├─ 📁 references
│ ├─ 📁 hooks
│ │ └─ 📁 user-observation
│ │ ├─ 📜 handler.ts TypeScript 220L · 7.0 KB
│ │ └─ 📝 HOOK.md Markdown 59L · 1.5 KB
│ ├─ 📝 agents-template.md Markdown 103L · 5.5 KB
│ ├─ 📝 bootstrap-guide.md Markdown 203L · 9.5 KB
│ ├─ 📝 dynamic-personality-addon.md Markdown 253L · 7.4 KB
│ ├─ 📝 goals-template.md Markdown 54L · 2.3 KB
│ ├─ 📝 heartbeat-template.md Markdown 359L · 13.9 KB
│ ├─ 📝 identity-template.md Markdown 11L · 409 B
│ ├─ 📝 long-term-memory-template.md Markdown 22L · 778 B
│ ├─ 📝 memory-architecture-template.md Markdown 58L · 2.5 KB
│ ├─ 📝 memory-rules-addon.md Markdown 179L · 6.3 KB
│ ├─ 📝 soul-template.md Markdown 149L · 6.2 KB
│ ├─ 📝 user-template.md Markdown 22L · 505 B
│ └─ 📝 working-memory-template.md Markdown 35L · 1.0 KB
├─ 📁 scripts
│ ├─ 📁 memory-optimization
│ │ ├─ 📜 memory-classifier.js JavaScript 270L · 7.9 KB
│ │ ├─ 📜 memory-decay.js JavaScript 366L · 10.2 KB
│ │ ├─ 📜 memory-dedup.js JavaScript 346L · 10.1 KB
│ │ ├─ 📜 memory-health-check.js JavaScript 354L · 10.8 KB
│ │ ├─ 📜 memory-index-builder.js JavaScript 335L · 10.4 KB
│ │ └─ 📜 merge-daily-transcript.js JavaScript 352L · 9.1 KB
│ └─ 🐍 preflight_check.py Python 254L · 7.3 KB
├─ 📋 _meta.json JSON 12L · 660 B
├─ 📝 README.md Markdown 220L · 8.5 KB
├─ 📝 README.zh-CN.md Markdown 127L · 3.3 KB
└─ 📝 SKILL.md Markdown 1240L · 45.0 KB

依赖分析 4 项

包名版本来源已知漏洞备注
openclaw >=2026.3.0 external CLI Runtime dependency only; not bundled
python3 any system Standard library only; no pip dependencies
node any system Standard library only; no npm dependencies
git any system Used for workspace version control

安全亮点

✓ No base64-encoded payloads, eval() calls, or obfuscated code found anywhere in the codebase
✓ No credential harvesting — API keys are written to shell profiles only after user pastes them during interactive setup (consent-based)
✓ No data exfiltration — memory data stays local in workspace; external API calls are for read-only social feed polling
✓ EvoClaw has strong governance: workspace boundary checks (check_workspace.py), pre/post-change validation (validate_soul.py), append-only logs
✓ No ~/.ssh, ~/.aws, .env, or similar sensitive paths are accessed
✓ No curl|bash or wget|sh remote script execution patterns
✓ No cron job persistence for malicious purposes — only legitimate heartbeat, memory归档, and git commit tasks
✓ All validators (check_workspace.py, validate_*.py) use only Python standard library with no external dependencies
✓ fallback/evoclaw/config.json marked sensitive is a false positive — no real secrets stored
✓ Self-improving skill explicitly scopes itself to ~/self-improving/ with clear security boundaries