Security Decision Report

clawclone

The ClawClone skill's documentation describes backing up API keys and tokens, with optional upload to a cloud service, but the implementation file (clawclone.mjs) is missing from the skill directory, so the actual behavior cannot be verified.

Install decision: priority · Source: manual upload · Scan time: 2026/4/4
Files: 2
IOCs: 3
Over-privilege items: 2
Findings: 4
Most direct threat evidence
High · Documentation deception
Missing implementation file

SKILL.md references 'clawclone.mjs' for all operations, but this file does not exist in the skill directory. Unable to verify actual functionality.

SKILL.md:1

Why this conclusion

3 of 4 dimensions triggered
Block
Declared vs actual capabilities

2 capabilities or over-privileged behaviors found beyond what the skill declares.

Block
Hidden execution and outbound connections

1 high-severity IOC or outbound-connection signal extracted.

Block
Attack chains and high-severity findings

No multi-step attack chain was identified; 2 high or critical findings were recorded.

Pass
Dependencies and supply-chain hygiene

A dependency structure is present, and no obvious high-severity alerts were seen.

How the risk score was raised

Missing implementation file +15

SKILL.md references clawclone.mjs but file does not exist in repository

Documented credential backup +15

SKILL.md explicitly states 'Config: Optional: API keys and tokens' can be included in backups

Cloud upload with external API +10

CLAWCLONE_API_KEY enables cloud operations to clawclone.cc

Hardcoded API key placeholder +5

SKILL.md:209 shows API_KEY='your_clawclone_api_key' example

Key evidence

High · Documentation deception

Missing implementation file

SKILL.md references 'clawclone.mjs' for all operations, but this file does not exist in the skill directory. Unable to verify actual functionality.

SKILL.md:1
Request implementation files before using this skill. Cannot verify stated functionality without code.
High · Credential theft

Documented credential backup capability

SKILL.md explicitly states 'Config: Optional: API keys and tokens (if configured)' can be included in backups and uploaded to cloud.

SKILL.md:23
Remove the credential backup capability or provide verifiable safeguards; credentials should never be backed up automatically.
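One form the "verifiable safeguard" recommended above can take is a redaction pass that strips credential fields before anything is written or uploaded and records what it stripped, so a reviewer can confirm nothing secret left the machine. The following is an added example and not ClawClone's code or the scanner's; it assumes the config under ~/.openclaw/ is a JSON object, and the key-name patterns, the token-prefix patterns and the sample config are constructed for illustration.

```python
import json
import re

# Assumption: the config is a JSON object. Fields are redacted when their key
# name looks credential-related; string values that look like bearer tokens
# (assumed common prefixes) are caught as a fallback even under harmless keys.
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password|credential)", re.I)
TOKEN_LIKE_RE = re.compile(r"^(?:sk|pk|ghp|xox[abp])[-_][A-Za-z0-9_-]{8,}$")
REDACTED = "<REDACTED>"

# Constructed sample config; the clawclone placeholder value mirrors the
# report's SKILL.md example, everything else is invented for the demo.
SAMPLE_CONFIG = {
    "agent": {"name": "openclaw", "model": "demo-model"},
    "providers": {
        "clawclone": {"api_key": "your_clawclone_api_key", "endpoint": "https://clawclone.cc"},
        "other": {"token": "abc123", "region": "eu"},
    },
    "notes": ["remember to rotate keys", "sk-abcdefghijklmnop"],
}


def redact_secrets(node, path=""):
    """Return (copy with secrets removed, dotted paths of every redacted field).
    The input object is not modified."""
    removed = []
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if SECRET_KEY_RE.search(key) and isinstance(value, str):
                out[key] = REDACTED
                removed.append(child)
            else:
                out[key], sub = redact_secrets(value, child)
                removed.extend(sub)
        return out, removed
    if isinstance(node, list):
        out = []
        for i, item in enumerate(node):
            cleaned, sub = redact_secrets(item, f"{path}[{i}]")
            out.append(cleaned)
            removed.extend(sub)
        return out, removed
    if isinstance(node, str) and TOKEN_LIKE_RE.match(node):
        return REDACTED, [path]
    return node, []


def naive_backup(config):
    """The unsafe variant the report warns about: the config is serialized
    as-is, credentials included."""
    return json.dumps(config, indent=2, sort_keys=True)


def prepare_backup(config):
    """Hardened variant: redacted config plus a manifest of the stripped
    fields, so the payload itself documents what was withheld."""
    cleaned, removed = redact_secrets(config)
    return json.dumps({"config": cleaned, "redacted_fields": removed}, indent=2, sort_keys=True)


def leaks_secret(payload_text, config):
    """Verification step: collect every secret-looking string in the source
    config and report those that still appear verbatim in the payload."""
    secrets = []

    def collect(node, key=""):
        if isinstance(node, dict):
            for k, v in node.items():
                collect(v, k)
        elif isinstance(node, list):
            for v in node:
                collect(v, key)
        elif isinstance(node, str) and (SECRET_KEY_RE.search(key) or TOKEN_LIKE_RE.match(node)):
            secrets.append(node)

    collect(config)
    return [s for s in secrets if s in payload_text]


if __name__ == "__main__":
    print(prepare_backup(SAMPLE_CONFIG))
    print("leaks (naive):", leaks_secret(naive_backup(SAMPLE_CONFIG), SAMPLE_CONFIG))
    print("leaks (redacted):", leaks_secret(prepare_backup(SAMPLE_CONFIG), SAMPLE_CONFIG))
```

The manifest of redacted paths is what makes the safeguard verifiable: a reviewer can diff it against the source config's credential fields, and leaks_secret gives a mechanical check that a backup or upload payload contains none of the original secret strings.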
Medium · Documentation deception

Undeclared shell execution

SKILL.md instructs the user to run node clawclone.mjs, which is subprocess execution, but the shell:WRITE permission is not declared in the metadata.

SKILL.md:6
Declare shell:WRITE permission if subprocess execution is required.
Low · Sensitive access

Hardcoded API key placeholder

SKILL.md contains example with hardcoded API key placeholder at line 209.

SKILL.md:209
Use an obvious placeholder such as <YOUR_API_KEY> instead of 'your_clawclone_api_key', so that the example is not mistaken for a real key and users are less likely to commit a real one in its place.

Declared capabilities vs actual capabilities

Dimension          Verdict  Declared  Inferred  Evidence
File system        Pass     WRITE     WRITE     SKILL.md:8 'write: ~/.openclaw/'
Network access     Block    READ      WRITE     SKILL.md:9 'network: https', but upload operations are implied
Command execution  Block    NONE      WRITE     SKILL.md documents running node clawclone.mjs

Suspicious artifacts and outbound connections

High · API key
API_KEY="your_clawclone_api_key"

SKILL.md:209

Medium · External URL
https://clawclone.cc

SKILL.md:3

Medium · External URL
https://clawclone.cc/dashboard/settings

SKILL.md:49
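The three checks that produced the findings above (the declared-vs-inferred capability comparison, the missing-implementation-file check, and the IOC extraction) can be reproduced with a small static scan over a SKILL.md. The following is an added example and not the scanner's or ClawClone's code. The SKILL.md excerpt it scans is constructed for the demo: only the quoted fragments ('write: ~/.openclaw/', 'network: https', the node clawclone.mjs invocation, the API_KEY placeholder and the two URLs) come from the report, the permission-block layout and the interpretation of 'network: https' as read-only outbound access are assumptions, and the line numbers it reports are those of the sample, not the SKILL.md:209 and similar references above.

```python
import re
from pathlib import Path

CAP_ORDER = {"NONE": 0, "READ": 1, "WRITE": 2}

URL_RE = re.compile(r"https?://[^\s'\")>\]]+")
SECRET_ASSIGN_RE = re.compile(
    r"\b([A-Z0-9_]*(?:API_KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)\s*=\s*['\"]([^'\"]+)['\"]")
NODE_INVOKE_RE = re.compile(r"\bnode\s+([\w./-]+\.(?:mjs|cjs|js))\b")

# Constructed SKILL.md excerpt (assumed layout; 17 lines).
SAMPLE_SKILL_MD = """\
# ClawClone - https://clawclone.cc

permissions:
  filesystem:
    write: ~/.openclaw/
  network: https
  shell: none

## Backup
Config: Optional: API keys and tokens (if configured)
Cloud: set CLAWCLONE_API_KEY to upload backups (optional)
Get your key at https://clawclone.cc/dashboard/settings

Run: node clawclone.mjs backup --test
Run: node clawclone.mjs restore

export API_KEY="your_clawclone_api_key"
"""


def parse_declared(text):
    """Read the declared permission lines. Assumed convention: 'write: <path>'
    means filesystem WRITE, 'network: https' means outbound READ unless the
    value says write, 'shell: write' enables command execution; absent = NONE."""
    declared = {"filesystem": "NONE", "network": "NONE", "shell": "NONE"}
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if key == "write" and value:
            declared["filesystem"] = "WRITE"
        elif key == "network" and value:
            declared["network"] = "WRITE" if "write" in value else "READ"
        elif key == "shell" and value:
            declared["shell"] = "WRITE" if "write" in value else "NONE"
    return declared


def infer_capabilities(text):
    """Infer what the documented behaviour actually needs from the prose:
    backup/restore implies local writes, upload or an API key implies sending
    data out, and a node invocation implies subprocess execution."""
    low = text.lower()
    inferred = {"filesystem": "NONE", "network": "NONE", "shell": "NONE"}
    if re.search(r"\b(backup|restore|write|save)\b", low):
        inferred["filesystem"] = "WRITE"
    if re.search(r"\b(upload|sync|push)\b", low) or "api_key" in low:
        inferred["network"] = "WRITE"
    elif URL_RE.search(text):
        inferred["network"] = "READ"
    if NODE_INVOKE_RE.search(text) or re.search(r"\b(exec|spawn|subprocess)\b", low):
        inferred["shell"] = "WRITE"
    return inferred


def over_privilege(declared, inferred):
    """Dimensions where documented behaviour exceeds the declaration."""
    return [(dim, declared[dim], inferred[dim])
            for dim in declared if CAP_ORDER[inferred[dim]] > CAP_ORDER[declared[dim]]]


def missing_scripts(text, present):
    """Scripts the doc tells the user to run that are not in the skill dir."""
    referenced = {m.group(1) for m in NODE_INVOKE_RE.finditer(text)}
    return sorted(referenced - set(present))


def extract_iocs(text):
    """URLs and literal secret assignments, tagged with 1-based line numbers."""
    iocs = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in SECRET_ASSIGN_RE.finditer(line):
            iocs.append(("api_key", f'{m.group(1)}="{m.group(2)}"', n))
        for m in URL_RE.finditer(line):
            iocs.append(("url", m.group(0).rstrip(".,"), n))
    return iocs


def scan(text, present):
    """Run all three checks; `present` is the set of file names in the skill dir."""
    declared = parse_declared(text)
    inferred = infer_capabilities(text)
    return {"declared": declared, "inferred": inferred,
            "over_privilege": over_privilege(declared, inferred),
            "missing_scripts": missing_scripts(text, present),
            "iocs": extract_iocs(text)}


def scan_dir(skill_dir):
    """Convenience wrapper over a real skill directory containing SKILL.md."""
    d = Path(skill_dir)
    return scan((d / "SKILL.md").read_text(), {p.name for p in d.iterdir()})


if __name__ == "__main__":
    import json
    # Mirrors the report: the directory holds only SKILL.md and package.json.
    print(json.dumps(scan(SAMPLE_SKILL_MD, {"SKILL.md", "package.json"}), indent=2))
```

Run against the sample with only SKILL.md and package.json present, the scan reports two over-privilege items (network READ declared but WRITE inferred, shell NONE declared but WRITE inferred), clawclone.mjs as a referenced-but-missing script, and three IOCs (two URLs and one API key assignment), which is the same shape as the report's findings.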

Dependencies and supply chain

Package  Version   Source   Vulnerabilities  Notes
node     >=16.0.0  system   -                System dependency, not a package-manager dependency

File composition

2 files · 231 lines
Markdown: 1 file · 220 lines
JSON: 1 file · 11 lines
Files needing attention · 1
SKILL.md · Markdown · 220 lines
Missing implementation file · Documented credential backup capability · Undeclared shell execution · Hardcoded API key placeholder · API_KEY="your_clawclone_api_key" · https://clawclone.cc · https://clawclone.cc/dashboard/settings
Other files · package.json

Security highlights

SKILL.md is well structured and documents the functionality clearly
A test mode (--test flag) is available for a safe preview before operations run
Local operations do not require an API key; cloud features are optional
Pre-restore backups are created automatically at ~/.openclaw/backup