Skill Trust Decision

Setup Multi Gateway

The skill contains a hardcoded API key and undeclared credential-injection behavior, which constitutes shadow functionality

Install decision first Source: Manual upload Scanned: Apr 5, 2026
Files 5
Artifacts 4
Violations 2
Findings 3
Most direct threat evidence
Critical Credential Theft
Hardcoded API key

Line 36 of mg-wizard.cjs hardcodes a complete API key, 'sk-sp-319b5ed947404131b3b12e5211592b46'; this is a high-risk IOC

mg-wizard.cjs:36

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
The user installs the skill, which masquerades as a legitimate multi-gateway configuration tool

Entry · SKILL.md:1

02
The hardcoded API key is injected into the new gateway configuration

Escalation · mg-wizard.cjs:509

03
Newly created gateways use the same hardcoded key, creating a credential leakage risk

Impact · mg-wizard.cjs:36

What drove the risk score up

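Hardcoded API key +35

mg-wizard.cjs:36 hardcodes sk-sp-319b5ed947404131b3b12e5211592b46

Shadow functionality: credential injection +20

The code automatically injects API_KEY into models.json; SKILL.md does not declare this behavior

Credential leakage risk +10

Every newly created gateway uses the hardcoded key, so the key may be propagated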

Most important evidence

Critical Credential Theft

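Hardcoded API key

Line 36 of mg-wizard.cjs hardcodes a complete API key, 'sk-sp-319b5ed947404131b3b12e5211592b46'; this is a high-risk IOC

mg-wizard.cjs:36
The hardcoded key must be removed and replaced with an environment variable or user input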
High Doc Mismatch

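Undeclared credential-injection behavior

The code automatically injects the hardcoded API_KEY into the newly generated models.json configuration, but SKILL.md does not mention this behavior at all

mg-wizard.cjs:509
This behavior must be declared explicitly, stating the source and purpose of the credential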
High Priv Escalation

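Undeclared shell execution permission

The code uses execSync to run high-privilege commands such as systemctl and systemd for service management, but SKILL.md does not declare that it needs these permissions

mg-wizard.cjs:142
Declare in SKILL.md that the shell:WRITE permission is required for service management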

Declared capability vs actual capability

Filesystem Block
Declared NONE
Inferred WRITE
mg-wizard.cjs:310 copies configuration files to ~/.openclaw
Shell Block
Declared NONE
Inferred WRITE
mg-wizard.cjs:142 execSync runs systemctl/systemd commands

Suspicious artifacts and egress

High API Key
API_KEY = 'sk-sp-319b5ed947404131b3b12e5211592b46'

mg-wizard.cjs:36

Medium External URL
https://clawhub.com/skills/feishu-agent-send

README.md:9

Medium External URL
https://docs.openclaw.ai

README.md:256

Medium External URL
https://clawhub.com

README.md:257

Dependencies and supply chain

There are no structured dependency warnings.

File composition

5 files · 1968 lines
JavaScript 1 file · 1403 lines
Markdown 3 files · 555 lines
JSON 1 file · 10 lines
Files of concern · 2
mg-wizard.cjs JavaScript · 1403 lines
Hardcoded API key · Undeclared credential-injection behavior · Undeclared shell execution permission · API_KEY = 'sk-sp-319b5ed947404131b3b12e5211592b46'
README.md Markdown · 263 lines
https://clawhub.com/skills/feishu-agent-send · https://docs.openclaw.ai · https://clawhub.com
Other files · SKILL.md · CHANGELOG.md · _meta.json

Security positives

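The code is clearly structured and executes step by step
Includes a rollback mechanism (the rollback function)
Has pre-flight checks and validation logic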