qwen-portal-auth-helper 安全扫描报告 — 可信 | ClawSafe

5 /100

qwen-portal-auth-helper

Automate qwen-portal OAuth authentication - solves interactive TTY problem with tmux

Legitimate OpenClaw OAuth automation utility with no malicious indicators - all capabilities align with documented purpose.

技能名称qwen-portal-auth-helper

分析耗时33.4s

引擎pi

✓

可以安装

This skill is safe for use. Continue standard deployment practices.

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	index.js:execSync, scripts/*.sh
文件系统	`READ/WRITE`	`READ/WRITE`	✓ 一致	reset-task-state.py:~/.openclaw/cron/jobs.json
网络访问	`READ`	`READ`	✓ 一致	get-qwen-oauth-link.sh:openclaw CLI
技能调用	`YES`	`YES`	✓ 一致	SKILL.md:integration documentation

9 项发现

🔗

中危外部 URL 外部 URL

https://clawhub.com/skills/qwen-portal-auth-helper

PUBLISH_GUIDE.md:229

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue.svg

README.md:6

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/version-1.0.0-green.svg

README.md:7

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/license-MIT-blue.svg

README.md:8

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/based%20on-2026--03--09%20experience-orange.svg

README.md:9

🔗

中危外部 URL 外部 URL

https://chat.qwen.ai/authorize?user_code=M17WU0SC

README.md:48

🔗

中危外部 URL 外部 URL

https://chat.qwen.ai/authorize?user_code=XXXXXXX&client=qwen-code

SKILL.md:168

🔗

中危外部 URL 外部 URL

https://chat.qwen.ai/authorize?user_code=M17WU0SC&client=qwen-code

examples/quick-recovery.md:37

🔗

中危外部 URL 外部 URL

https://chat.qwen.ai/authorize[^

scripts/get-qwen-oauth-link.sh:67

目录结构

10 文件 · 58.5 KB · 2066 行

Markdown 4f · 980L Shell 2f · 557L JavaScript 1f · 346L JSON 2f · 104L Python 1f · 79L

├─ ▾ 📁 examples

│ └─ 📝 quick-recovery.md Markdown 171L · 4.5 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 check-qwen-auth.sh Shell 271L · 8.0 KB

│ ├─ 🔧 get-qwen-oauth-link.sh Shell 286L · 7.4 KB

│ └─ 🐍 reset-task-state.py Python 79L · 2.5 KB

├─ 📋 _meta.json JSON 74L · 2.5 KB

├─ 📜 index.js JavaScript 346L · 9.1 KB

├─ 📋 package.json JSON 30L · 852 B

├─ 📝 PUBLISH_GUIDE.md Markdown 253L · 7.6 KB

├─ 📝 README.md Markdown 166L · 5.1 KB

└─ 📝 SKILL.md Markdown 390L · 11.0 KB

安全亮点

✓ No credential harvesting or exfiltration - skill only reads/writes OpenClaw's own configs

✓ No base64 encoding or obfuscation detected

✓ No remote script execution (curl|bash patterns)

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ All shell commands are local to openclaw CLI tool

✓ No reverse shell or C2 communication patterns

✓ Uses tmux for legitimate TTY workaround (documented technique)

✓ Reports/logs stored in /tmp (standard temporary location)

✓ Clean, well-documented codebase with clear purpose

✓ MIT license, open source with GitHub repository