中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
invoice-verification-service
发票服务后端 v4 plugin 接口:key 初始化、额度查询、额度流水查询、发票文本或图片查验
A legitimate invoice verification service skill that calls backend v4 plugin APIs to init keys, query quota/ledger, and verify invoices, with no malicious behavior detected.
Skill Nameinvoice-verification-service
Duration34.7s
Enginepi
Safe to install
This skill is safe to use. No actionable security concerns.

Findings 2 items

Severity Finding Location
Low
Undeclared network access in tool metadata
SKILL.md metadata only declares shell and read_file tools, but the script performs HTTP requests to the backend API (network:READ). This is declared in SKILL.md documentation body (e.g., '调用 /api/v4/plugin/key/init') but not in the metadata block. Has no security impact as it is the core function.
metadata: {"openclaw":{"tools":["shell","read_file"]}}
→ Add 'network' to the tools list in metadata for completeness: tools: ['shell', 'read_file', 'network']
 SKILL.md:1
Low
Config file writeback not in tool metadata
The script writes the appKey, clientInstanceId, deviceFingerprint, and cipherKey to ~/.openclaw/invoice-skill/config.json. The SKILL.md metadata declares only 'read_file' (filesystem:READ) but not filesystem:WRITE. File write is limited to the skill's own config directory and is essential for the service to function.
fs.writeFileSync(CONFIG_FILE, JSON.stringify(next, null, 2), 'utf8')
→ The capability is low-risk and localized; add filesystem:WRITE to metadata if precision is desired
 scripts/invoice_service.js:64
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned SKILL.md:metadata.tools=['shell','read_file']; scripts/invoice_service.js is inv…
Filesystem READ WRITE ✓ Aligned scripts/invoice_service.js:49-52 reads config files; line 64 fs.writeFileSync pe…
Network NONE READ ✓ Aligned scripts/invoice_service.js:79-89 calls backend API endpoints (key/init, quota, l…
2 findings
🔗
Medium External URL 外部 URL
http://192.168.154.76:18888
README.md:15
🔗
Medium External URL 外部 URL
http://127.0.0.1:8080
scripts/invoice_service.js:9

File Tree

4 files · 26.5 KB · 906 lines
JavaScript 1f · 709L Markdown 2f · 190L YAML 1f · 7L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 7L · 388 B
├─ 📁 scripts
│ └─ 📜 invoice_service.js JavaScript 709L · 19.3 KB
├─ 📝 README.md Markdown 64L · 2.3 KB
└─ 📝 SKILL.md Markdown 126L · 4.6 KB

Security Positives

✓ No subprocess/spawn calls in the script — the Node.js script is the primary execution target
✓ No credential harvesting from ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No base64-encoded payloads piped to shell, no eval(), no obfuscation
✓ No exfiltration of credentials — appKey and cipherKey are stored locally only
✓ No curl|bash or wget|sh remote script execution patterns
✓ No hidden instructions in HTML comments or strings
✓ Uses native Node.js fetch API for HTTP calls with proper error handling
✓ Validates image mime types and size limits (max 2MB, PNG/JPEG only)
✓ AppKey is masked in output (maskAppKey function shows only first 8 + last 4 chars)
✓ Legacy config fallback is read-only and only merges into current config
✓ Cipher key and device fingerprint are opaque identifiers, not user credentials
✓ Supports auto-retry with clientInstanceId rotation on INVALID_KEY — benign resilience behavior