Security scan
OpenClaw
Suspicious
medium confidence
Assessment recommendation
Before installing or enabling this skill, consider the following: (1) It requires BAAS_MANAGE_TOKEN (an admin/manage credential). Provide a least-privilege key if possible — avoid giving a full admin token. (2) The skill's runtime will copy config files with that token into project folders and suggests embedding API keys in client-side code and uploads; those files can be accidentally committed or published. (3) The skill instructs global system changes (curl|bash to install nvm, npm -g install,...
ℹ Purpose and capabilities
The name/description (AiPexBase BaaS front-end / end-to-end app creation) aligns with requesting BAAS_BASE_URL and an admin/management token (BAAS_MANAGE_TOKEN). The primaryEnv matches the declared purpose. Minor inconsistency: guidance points users to register at https://www.codeflying.net while config.json contains baseUrl https://baas.kuafuai.net/baas-api — two different domains are referenced without explanation.
⚠ Instruction scope
Runtime instructions tell the agent to read the skill's config.json and copy it into project directories (baas-config.json) and to perform fully automated new-app and iteration steps "无须向用户确认" (no confirmation). The skill explicitly instructs global environment changes (install nvm via curl|bash, npm -g install aipexbase-cli, sudo apt-get install zip). Copying a management token into project dirs and automating app creation/table creation with that token increases risk of credential exposure and unintended resource changes. The README otherwise limits user confirmation to deployment, but automated creation still happens earlier.
ℹ Installation mechanism
No formal install spec (instruction-only) — lowers static footprint. However SKILL.md instructs running external install commands: curl https://raw.githubusercontent.com/... | bash (nvm installer), npm i -g aipexbase-cli, and apt-get install zip (with sudo). These are common but carry moderate risk: piping remote scripts into shell and global npm installs can change system state and install arbitrary code if upstream is compromised.
⚠ Credential requirements
Only two env values are required (BAAS_MANAGE_TOKEN, BAAS_BASE_URL), which is consistent with a management CLI. But BAAS_MANAGE_TOKEN is described as an administrator/manage token — a high-privilege secret. The instructions encourage copying the global config containing this token into project directories (baas-config.json), which can leak the token (committed to source, uploaded, or exposed in build artifacts). The skill also uses localStorage tokens in frontend examples and custom upload headers (CODE_FLYING) that rely on API keys being embedded in client-side artifacts — this further increases exposure risk. Requesting an admin token is proportionate only if the user understands and consents to granting that level of access; the skill's automation and copying behavior makes accidental overexposure likely.
ℹ Persistence and permissions
The skill is not marked always: true and does not request to modify other skills or system-wide settings. It does, however, instruct creating files under project directories (baas-config.json) and recommends copying sensitive config into per-project folders. Autonomous invocation is allowed by default (the agent can act without explicit user confirmation for each step) — combined with the admin-level token and the skill's stated "no confirmation for app creation" policy, this increases the blast radius if the skill is run autonomously.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.2 (2026/4/13)
● Harmless
Install command
Official: npx clawhub@latest install baas
Mirror (accelerated): npx clawhub@latest install baas --registry https://cn.longxiaskill.com