Skill Trust Decision

gpt-chat

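Multiple shadow features not declared in the documentation were found (server.js HTTP server, generate-article.js file write); the skill shows doc_deception characteristics, but there is no clear evidence of malicious behavior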

Install decision first Source: ClawHub Scanned: Apr 6, 2026
Files 9
Artifacts 1
Violations 2
Findings 4
Most direct threat evidence

Why this conclusion was reached

1/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

1 lower-risk artifact was extracted and still needs context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

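HTTP server not declared in documentation +15

SKILL.md declares only gpt.js, but the scripts/ directory contains server.js, which provides an unauthenticated HTTP service

File write not declared in documentation +10

generate-article.js writes ai-future-article.md to the current directory

Uses an external proxy +5

gpt.js uses the api.openai-proxy.org proxy by default rather than connecting directly to OpenAI

Dependencies without version pinning +5

package.json has no dependency version constraints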

Most important evidence

Medium Doc Mismatch

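Undeclared HTTP server

server.js provides a local HTTP service listening on port 3456, with endpoints including /chat and /set-model; Access-Control-Allow-Origin:* allows cross-origin requests, and there is no authentication mechanism

scripts/server.js:47
Remove it if it is not a necessary feature; if it must be kept, declare it explicitly in the documentation and add authentication

Medium Doc Mismatch

Undeclared file write operation

generate-article.js writes the generated Markdown article to the file ai-future-article.md in the current working directory

scripts/generate-article.js:57
Declare the file-write capability in SKILL.md and state the output file path

Low Supply Chain

Dependency versions not pinned

package.json defines no dependencies or devDependencies; any dependency update could cause compatibility problems

package.json:1
Add a complete dependency declaration with version ranges

Low Doc Mismatch

Test scripts not declared

test.js, test-chat.js and test-key.js are test files that are not described in the documentation

scripts/:1
Test scripts should be moved to a test/ directory or described in the README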

Declared capability vs actual capability

Network Block
Declared READ
Inferred WRITE
SKILL.md does not declare the HTTP service on port 3456 provided by server.js
Filesystem Block
Declared NONE
Inferred WRITE
generate-article.js:57 fs.writeFileSync writes a local file
Environment Pass
Declared READ
Inferred READ
gpt.js:7 reads OPENAI_API_KEY

Suspicious artifacts and egress

Medium External URL
https://api.openai-proxy.org

scripts/gpt.js:11

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
No explicit dependencies | N/A | package.json | No | Uses only Node.js built-in modules (fs, https, http, url, path)

File composition

9 files · 530 lines
JavaScript 6 files · 455 lines
Markdown 1 file · 60 lines
JSON 2 files · 15 lines
Files of concern · 4
scripts/gpt.js JavaScript · 136 lines
https://api.openai-proxy.org
scripts/server.js JavaScript · 130 lines
Undeclared HTTP server
scripts/generate-article.js JavaScript · 73 lines
Undeclared file write operation
package.json JSON · 13 lines
Dependency versions not pinned
Other files · SKILL.md · test-chat.js · test-key.js · test.js · state.json

Security positives

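Code structure is clear, with no obvious obfuscation or malicious encoding
Environment variable reads match the declaration (OPENAI_API_KEY)
No high-risk behavior such as credential harvesting or remote code execution was found
API call logic is normal, with no C2 communication characteristics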