qclaw-watchdog 安全扫描报告 — 高风险 | ClawSafe

65 /100

qclaw-watchdog

QClaw Watchdog - Monitors and auto-restarts QClaw when issues are detected

Hardcoded Feishu API credentials exposed in config.json combined with undocumented shell execution for process and application control operations.

技能名称qclaw-watchdog

分析耗时28.5s

引擎pi

⛔

不要安装此技能

Remove hardcoded credentials from config.json immediately. Use environment variables for all sensitive configuration. Document shell execution capabilities in SKILL.md. Add update.sh and publish.sh files referenced in documentation.

安全发现 5 项

严重性	安全发现	位置
严重	Hardcoded Feishu API Credentials in config.json config.json contains hardcoded app_id (cli_a9333bca0c78dceb) and app_secret (jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L) which are exposed credentials that could be used to send messages via the Feishu bot API. `"app_secret": "jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L"` → Remove credentials from config.json. Use environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) instead. Add config.json to .gitignore.	`config.json:3`
高危	Undocumented Shell Command Execution SKILL.md does not declare the use of shell execution via child_process.exec. The code executes pgrep, open, osascript, and pkill commands to manage the QClaw application. `const { stdout } = await execPromise('pgrep -f QClaw')` → Document shell:WRITE capability in SKILL.md or use Node.js APIs like process.kill() instead of exec.	`watchdog.js:81`
高危	Application Control via osascript Uses osascript to send AppleScript commands to quit applications, which could be extended to control any application on macOS. `execPromise('osascript -e \'tell application "QClaw" to quit\'')` → Document the scope of application control. Consider restricting to known applications only.	`watchdog.js:228`
中危	Missing Referenced Scripts SKILL.md references update.sh and publish.sh scripts that do not exist in the repository. `./update.sh --check` → Implement or remove references to update.sh and publish.sh scripts.	`SKILL.md:90`
低危	Extended Check Interval config.json sets check_interval_ms to 18000000 (5 hours), which may not match the documented default of 180000 (3 minutes). `"check_interval_ms": 18000000` → Align with documented defaults or update documentation.	`config.json:15`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`WRITE`	✗ 越权	watchdog.js:67 fs.appendFileSync(LOG_FILE)
命令执行	`NONE`	`WRITE`	✗ 越权	watchdog.js:81 execPromise('pgrep -f QClaw'), watchdog.js:228 execPromise('open …
网络访问	`NONE`	`READ`	✓ 一致	watchdog.js:115 fetch(QCLAW_HEALTH_URL), Feishu WebSocket/SDK calls
环境变量	`NONE`	`READ`	✓ 一致	watchdog.js:25-34 process.env reads for config

3 项发现

🔗

中危外部 URL 外部 URL

http://127.0.0.1:28789/health

SKILL.md:46

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/

SKILL.md:205

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/api-explorer/cli_a9333bca0c78dceb?apiName=create&project=im&resource=message&version=v1

SKILL.md:226

目录结构

6 文件 · 25.4 KB · 855 行

JavaScript 1f · 522L Markdown 1f · 239L Shell 2f · 74L JSON 1f · 19L Text 1f · 1L

├─ 🔑 config.json ⚠ JSON 19L · 430 B

├─ 🔧 init-config.sh Shell 44L · 1.2 KB

├─ 📝 SKILL.md Markdown 239L · 5.6 KB

├─ 🔧 start.sh Shell 30L · 788 B

├─ 📄 version.txt Text 1L · 6 B

└─ 📜 watchdog.js JavaScript 522L · 17.4 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`@larksuiteoapi/node-sdk`	`unpinned`	npm	否	SDK version not specified in package.json (no package.json found)

安全亮点

✓ Uses Lark SDK (@larksuiteoapi/node-sdk) instead of raw HTTP requests for Feishu integration

✓ No base64-encoded payloads or obfuscated code

✓ No suspicious network connections to unknown external IPs

✓ No credential exfiltration mechanisms observed

✓ Logging to separate files for audit trail