Low risk: risk score 30/100
Last scan: 1 day ago
openclaw-cn-installer
OpenClaw Chinese installation and configuration assistant. One-click environment detection and configuration of Chinese AI models (DeepSeek / Zhipu / Alibaba Tongyi).
Undeclared shell execution via execSync in check-env.js and undocumented API key handling in setup-ai.js are minor documentation flaws without malicious intent, but they fall short of proper disclosure standards.
Skill name: openclaw-cn-installer
Analysis time: 51.3s
Engine: pi
Verdict: OK to install
Document execSync usage and API key handling in SKILL.md. Consider using Node.js built-ins (dns module, https.request) instead of spawning shell curl processes for environment checks.

Security findings: 4

Severity | Finding | Location

Severity: Medium
Finding: Undeclared shell execution via execSync (category: documentation deception)
check-env.js uses child_process.execSync to run 'npm config get registry', 'curl -s ...', and 'which <cmd>' commands. SKILL.md only says '自动检测 Node.js、系统、网络环境' (automatically detect the Node.js, system, and network environment) without stating that shell commands are executed. This creates a doc-to-code mismatch in which the actual execution method is hidden.
Evidence: const registry = execSync('npm config get registry', { encoding: 'utf-8' }).trim();
→ Declare shell command usage explicitly in SKILL.md, or replace execSync with pure Node.js alternatives (e.g., dns.resolve for connectivity checks).
Location: check-env.js:42

Severity: Medium
Finding: Undocumented API key collection and local storage (category: documentation deception)
setup-ai.js prompts the user interactively for API keys and saves them to ~/.openclaw/.env via fs.writeFileSync. SKILL.md does not mention this credential-handling behavior at all. While the pattern is legitimate for a configuration tool, the complete absence of disclosure is a documentation failure.
Evidence: fs.writeFileSync(envFile, content + '\n');
→ Add a 'Credential Handling' section to SKILL.md that explicitly states that API keys are collected interactively and stored in ~/.openclaw/.env.
Location: setup-ai.js:47

Severity: Low
Finding: Network requests to third-party APIs not declared (category: documentation deception)
test-connection.js makes HTTPS POST requests to the DeepSeek, Zhipu, and Alibaba Qianwen API endpoints to test connectivity. SKILL.md mentions '测试 API 连接' (test API connection) but does not explicitly declare outbound network requests to these specific providers.
Evidence: const options = { hostname: config.url, port: 443, path: config.path, method: 'POST', ... }
→ Add network:READ to the declared capability set in SKILL.md and list the specific API endpoints that are accessed.
Location: test-connection.js:60

Severity: Low
Finding: Undocumented filesystem path access (category: documentation deception)
The skill reads and writes the ~/.openclaw/ directory (config.json, .env), but SKILL.md does not declare filesystem:WRITE permission or list the specific paths accessed. The FAQ section mentions these paths only in passing.
Evidence: const openclawDir = path.join(os.homedir(), '.openclaw');
→ Add ~/.openclaw/config.json and ~/.openclaw/.env to the declared filesystem access in SKILL.md.
Location: setup-ai.js:17
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ exceeds declaration | check-env.js:42 execSync('npm config get registry')
Command execution | NONE | WRITE | ✗ exceeds declaration | check-env.js:47 execSync('curl -s --connect-timeout 3 https://registry.npmmirror…
Command execution | NONE | WRITE | ✗ exceeds declaration | check-env.js:58-62 execSync('which git/curl/python3') in loop
Filesystem | NONE | WRITE | ✓ consistent | setup-ai.js:47 fs.writeFileSync(envFile, ...) saves API keys to ~/.openclaw/.env…
Filesystem | NONE | WRITE | ✓ consistent | setup-ai.js:58 fs.writeFileSync(configFile, ...) writes ~/.openclaw/config.json …
Filesystem | NONE | READ | ✓ consistent | setup-ai.js:36 fs.readFileSync(envFile, 'utf-8') reads ~/.openclaw/.env — legiti…
Network access | NONE | READ | ✓ consistent | test-connection.js:60-90 makes HTTPS POST requests to api.deepseek.com, open.big…
Environment variables | NONE | READ | ✓ consistent | setup-ai.js:36-45 and test-connection.js:31-41 parse and read .env file content …
External URL findings: 10

Severity | Type | URL | Location
Medium | External URL | https://platform.deepseek.com | SKILL.md:93
Medium | External URL | https://docs.openclaw.ai | SKILL.md:107
Medium | External URL | https://discord.com/invite/clawd | SKILL.md:108
Medium | External URL | https://registry.npmmirror.com$ | check-env.js:54
Medium | External URL | https://registry.npmmirror.com | check-env.js:62
Medium | External URL | https://api.deepseek.com | setup-ai.js:20
Medium | External URL | https://open.bigmodel.cn/api/paas/v4 | setup-ai.js:28
Medium | External URL | https://open.bigmodel.cn | setup-ai.js:31
Medium | External URL | https://dashscope.aliyuncs.com/compatible-mode/v1 | setup-ai.js:36
Medium | External URL | https://dashscope.console.aliyun.com | setup-ai.js:39

Directory structure

5 files · 15.1 KB · 585 lines
JavaScript: 3 files · 425 lines; Markdown: 1 file · 124 lines; JSON: 1 file · 36 lines
├─ check-env.js (JavaScript, 102 lines, 3.3 KB)
├─ package.json (JSON, 36 lines, 821 B)
├─ setup-ai.js (JavaScript, 169 lines, 4.1 KB)
├─ SKILL.md (Markdown, 124 lines, 2.9 KB)
└─ test-connection.js (JavaScript, 154 lines, 4.0 KB)

Security highlights

✓ No base64-encoded payloads or obfuscated code found anywhere in the codebase
✓ No reverse shells, C2 infrastructure, or data exfiltration endpoints detected
✓ No attempts to access sensitive credential paths like ~/.ssh, ~/.aws, or system keychains
✓ API keys are stored locally in a standard dotfile (~/.openclaw/.env) rather than transmitted elsewhere
✓ HTTPS is used exclusively for all network requests; no plain HTTP or direct IP connections observed
✓ No supply chain risks: package.json has no external runtime dependencies (no require() calls for external packages)
✓ Interactive API key collection prevents accidental hardcoding of credentials in source
✓ Script shebang lines (#!/usr/bin/env node) are appropriate for a Node.js CLI tool