Security scan
OpenClaw
Suspicious
high confidence
Assessment and recommendations
This skill is coherent with its stated purpose (running Claude in a PTY and syncing changes), but it contains a high-risk programming error: the script builds a shell command by interpolating the user-provided prompt directly into su -c "...". That makes it possible for specially crafted prompts or paths to execute arbitrary shell commands as the target user. Before installing or running this skill: (1) review the scripts locally — do not run it on production hosts; (2) run it in an isolated con...
Detailed analysis
ℹ Purpose and capabilities
Name/description match the included script: PTY execution, auto-respond, file sync, and user switching. Minor metadata mismatch: registry metadata lists no required binaries, but documentation and clawhub.json require the 'claude' tool to be installed and in PATH.
⚠ Instruction scope
Runtime instructions and the script operate on arbitrary project directories, copy them to a temp dir, change ownership, run a shell command that includes the user-supplied prompt, and sync modifications back — all expected for this use case but risky. Critically, the command is built into a single shell -c string with the raw prompt interpolated (f'... claude --print "{prompt}" ...'), enabling shell injection if the prompt or path contains special characters. The skill also requires root/sudo to chown and switch users, so a malicious or malformed prompt could execute arbitrary commands as the target user.
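To make the injection concrete, the following added example (written for this scan, not code from the claude-code-runner script) reproduces the flawed pattern beside two hardened forms. Because the demo must run offline without root or the claude binary, `printf '%s\n'` stands in for `claude --print` in the executed commands; the quoting behaviour is the same. The target user name and the exact quoting layers of the real script are assumptions.

```python
"""Shell-injection demo for a prompt interpolated into a shell -c string.

Stand-in: printf '%s\n' plays the role of `claude --print` so this runs
without claude or root. CLAUDE_TARGET_USER is a made-up user name.
"""
import shlex
import subprocess

CLAUDE_TARGET_USER = "builder"  # hypothetical target user for su/sudo


def vulnerable_inner(prompt: str) -> str:
    """The flawed pattern the scan describes: the raw prompt is dropped
    inside double quotes of a command string that a shell will parse.
    (The real script nests this inside su -c "..."; one sh -c layer is
    enough to show the failure.)"""
    return f'printf "%s\\n" "{prompt}"'


def hardened_inner(prompt: str) -> str:
    """Same command, but the prompt becomes exactly one shell word."""
    return "printf '%s\\n' " + shlex.quote(prompt)


def hardened_su_command(user: str, prompt: str) -> str:
    """Correct nesting if su -c must be kept: quote the prompt for the
    inner shell, then quote the whole inner command for the outer one.
    Uses the real `claude --print` name; this string is built, not run."""
    inner = "claude --print " + shlex.quote(prompt)
    return f"su {shlex.quote(user)} -c {shlex.quote(inner)}"


def safe_argv(user: str, prompt: str) -> list[str]:
    """Preferred fix: no shell string at all. Passing argv directly means
    the prompt is never parsed as shell syntax by anyone."""
    return ["sudo", "-u", user, "--", "claude", "--print", prompt]


def run_inner(command: str) -> str:
    """Execute a command string through /bin/sh, as -c would."""
    return subprocess.run(
        ["sh", "-c", command], capture_output=True, text=True
    ).stdout


def demo() -> dict:
    # Constructed malicious prompt: closes the quote, injects a command,
    # then reopens the quote so the remainder still parses.
    prompt = 'hello"; echo $((6*7)); echo "'
    su_cmd = hardened_su_command(CLAUDE_TARGET_USER, prompt)
    outer_argv = shlex.split(su_cmd)          # ["su", user, "-c", inner]
    return {
        "vulnerable": run_inner(vulnerable_inner(prompt)),   # "hello\n42\n\n"
        "hardened": run_inner(hardened_inner(prompt)),       # prompt printed verbatim
        "su_inner_argv": shlex.split(outer_argv[3]),         # ["claude", "--print", prompt]
        "sudo_argv": safe_argv(CLAUDE_TARGET_USER, prompt),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

In the vulnerable form the shell evaluates `$((6*7))` and prints `42`, meaning the injected `echo` could equally have been any command run as the target user; in the hardened forms the same prompt is printed back as literal text. Reviewers checking the skill should look for the f-string building the su -c string and confirm it is replaced by one of the two safe constructions above.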
✓ Installation mechanism
Instruction-only skill (no install spec). SKILL.md instructs cloning a GitHub repo and marking the script executable — standard for an instruction-only package. No downloads from unknown hosts or archives are present in the registry metadata.
ℹ Credential requirements
No required environment variables or credentials are declared. Optional env vars (CLAUDE_CODE_USER, CLAUDE_CODE_TIMEOUT) are documented but not required. The need for root/sudo to change ownership and perform user switching is legitimate given the feature set, but requesting that privilege increases risk and should be minimized.
✓ Persistence and permissions
Skill does not request persistent installation or always:true. It needs elevated privileges at runtime (root/sudo) to perform chown and su operations, which is a normal requirement for user-switching but raises risk if run on sensitive systems.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest: v0.1.0 (2026/2/27)
● Suspicious
Install command
Official: npx clawhub@latest install claude-code-runner
Mirror (CN): npx clawhub@latest install claude-code-runner --registry https://cn.longxiaskill.com