Security Decision Report

huo15-memory-evolution

Critical: hardcoded API key exposed in source code at scripts/dream.sh:79 enables unauthorized API usage if repository is accessed.

Install decision first Source: manual upload Scan time: 2026/4/4
Files 16
IOC 5
Out-of-scope items 1
Findings 3
Most direct threat evidence
Critical Credential theft
Hardcoded API Key in Source Code

A MiniMax API key is hardcoded in plain text at scripts/dream.sh:79. This key is visible to anyone with repository access and could be extracted and misused if the repo is public, shared, or leaked.

scripts/dream.sh:79

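Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or out-of-scope behavior beyond what is declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain, plus 2 high or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information is available, so the supply-chain judgment must remain provisional.

Attack chain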

01
Attacker gains read access to repository (public repo, insider threat, or leaked credentials)

reconnaissance · N/A

02
Attacker extracts hardcoded API key from scripts/dream.sh:79

exploitation · scripts/dream.sh:79

03
Attacker uses extracted API key to make unauthorized calls to MiniMax API at api.minimaxi.com, incurring costs to the victim's account

Final impact · N/A

How the risk score was raised

Exposed API Key in Source Code +40

API_KEY hardcoded in plain text at dream.sh:79 - credential exposure if repo is accessed or shared

Undeclared Network Access +15

POST to api.minimaxi.com not declared in SKILL.md capabilities

Credential Transmission Risk +10

API key sent in Authorization header to external service without declared intent

Key evidence

Critical Credential theft

Hardcoded API Key in Source Code

A MiniMax API key is hardcoded in plain text at scripts/dream.sh:79. This key is visible to anyone with repository access and could be extracted and misused if the repo is public, shared, or leaked.

scripts/dream.sh:79
Replace with environment variable: API_KEY="${MINIMAX_API_KEY}" and require user to set it. Rotate the exposed key immediately.
High Documentation deception

Undeclared Network Access

The SKILL.md makes no mention of network access. The dream.sh script makes HTTP POST requests to api.minimaxi.com, transmitting the API key as Bearer authentication.

scripts/dream.sh:89
Declare network:WRITE capability in SKILL.md and explain the LLM integration purpose.
Medium Sensitive access

Undeclared Filesystem Write to ~/.openclaw/

Multiple scripts (install.sh, migrate.sh, batch-install.sh) write to $HOME/.openclaw/workspace and related directories without explicit declaration in SKILL.md.

scripts/install.sh:53
Add filesystem:WRITE to declared capabilities in SKILL.md with explanation of target paths.

Declared vs. actual capabilities

Filesystem Pass
Declared NONE
Inferred WRITE
install.sh, migrate.sh, batch-install.sh write to ~/.openclaw/ without explicit declaration
Network access Block
Declared NONE
Inferred WRITE
dream.sh:89 - curl POST to api.minimaxi.com with API key
Environment variables Pass
Declared NONE
Inferred READ
OC_AGENT_ID environment variable read for routing - legitimate behavior documented

Suspicious artifacts and outbound connections

High API key
API_KEY="sk-cp-pD1WY6KcHeUNXDeKmG4ZnzDch-sXsZKmAsNn7rXZDoAbGwc7u6XJn55Z6GbgW3qngTC-i5geM4PzDwkaSj8sQUSk2TPPj-lrLc-Yamjn-S2j4mfOT8RGKUY"

scripts/dream.sh:79

Medium External URL
https://api.minimaxi.com/v1/text/chatcompletion_v2

scripts/dream.sh:80

Info Email
[email protected]

scripts/MIGRATION-REPORT-2026-04-04.md:35

Info Email
[email protected]

scripts/MIGRATION-REPORT-2026-04-04.md:38

Info Email
[email protected]

scripts/MIGRATION-REPORT-2026-04-04.md:39

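Dependencies and supply chain

No structured dependency alerts.

File composition

16 files · 2108 lines
Shell 8 files · 1468 lines
Markdown 4 files · 436 lines
JSON 2 files · 113 lines
JavaScript 1 file · 65 lines
Text 1 file · 26 lines
Files needing attention · 2
scripts/install.sh Shell · 283 lines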
Undeclared Filesystem Write to ~/.openclaw/
scripts/dream.sh Shell · 242 lines
Hardcoded API Key in Source Code · Undeclared Network Access · API_KEY="sk-cp-pD1WY6KcHeUNXDeKmG4ZnzDch-sXsZKmAsNn7rXZDoAbGwc7u6XJn55Z6GbgW3qngTC-i5geM4PzDwkaSj8sQUSk2TPPj-lrLc-Yamjn-S2j4mfOT8RGKUY" · https://api.minimaxi.com/v1/text/chatcompletion_v2
Other files · SKILL.md · migrate.sh · batch-install.sh · verify.sh · check-drift.sh · memory-types.json +4

Security highlights

Sensitive information isolation logic is well-designed (migrate.sh lines 118-146) - attempts to prevent cross-agent credential leakage
Snapshot/rollback mechanism provides safe recovery path
No evidence of reverse shell, C2, or covert data exfiltration channels
Cron job configuration is documented and optional