registry  /  openclaw-weiyuan-init  /  1.0.133

openclaw-weiyuan-init@1.0.133

OpenClaw Weiyuan Skill 一键初始化工具

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 18 file(s), 691 KB of source, external domains: a.example.com, api.magon.com.cn, b.example.com, www.magon.com.cn

Source & flagged code

1 flagged · loading source
lib/commands.jsView file
4const fs = require('fs-extra'); L5: const axios = require('axios'); L6: const { execFile } = require('child_process'); L7: const { promisify } = require('util'); ... L13: const execFileAsync = promisify(execFile); L14: const NPM_BIN = process.platform === 'win32' ? 'npm.cmd' : 'npm'; L15: const NPX_BIN = process.platform === 'win32' ? 'npx.cmd' : 'npx'; ... L31: name: 'weiyuan-skill-runtime', L32: private: true, L33: version: '0.0.0', ... L73: function bundledSkillMetadataPath(fileName) { L74: return path.join(__dirname, '..', 'workspace-weiyuan', 'weiyuan', fileName);
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/commands.jsView on unpkg · L4

Findings

1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitylib/commands.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License