by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This package is a legitimate QuecPython Modbus IoT template but contains sensitive behaviours you should explicitly handle before deployment: 1) Change URL_REPORT and URL_OTA in config/config.py to your trusted endpoints — the template defaults point to the vendor and will receive IMEI/IMSI, cell info, and sensor data. 2) Review the OTA flow (data_reporter.run_ota) — it will download files and call firmware update and reboot; only allow OTA from trusted servers. 3) Backup your device and test in...详细分析 ▾
✓ 用途与能力
Name/description (QuecPython Modbus IoT framework) matches the shipped code and runtime instructions: Modbus RTU, sensor management, 4G/network management, HTTP/HTTPS reporting, and OTA. No unrelated capabilities (e.g., cloud providers, AWS creds) are requested.
ℹ 指令范围
SKILL.md instructs copying the template into a project and deploying eight .py files to the device's /usr directory, editing config/config.py, and running on a QuecPython device. Those actions are appropriate for the stated purpose, but the runtime behavior includes collecting IMEI/IMSI and network info and posting them to URL_REPORT/URL_OTA (defaults point to the vendor). Ensure those endpoints are changed to trusted endpoints before use.
✓ 安装机制
No install spec or external downloads are used by the skill bundle. It is an instruction-and-template package with local file copying; no remote packages, URL downloads, or binary installation were specified in the manifest.
ℹ 凭证需求
The skill does not request environment variables or external credentials. However, the code collects and transmits device identifiers (IMEI, IMSI, CCID) and detailed network/sensor data to the configured report/OTA URLs. The default URLs in the template point to the vendor — leaving defaults would leak device identifiers/data and permit remote OTA updates. These behaviors are expected for an IoT reporting/OTA framework but are sensitive and must be configured to trusted endpoints.
ℹ 持久化与权限
Skill flags are normal (always: false, agent-autonomy allowed). The SKILL.md asks you to copy files to the device /usr directory — this modifies the device filesystem and could overwrite existing modules. That is typical for deploying firmware scripts to QuecPython, but you should backup device files and ensure correct permissions before deploying.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/28
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install tianjin-anxinhuarui-gas-monitoring-iot
镜像加速npx clawhub@latest install tianjin-anxinhuarui-gas-monitoring-iot --registry https://cn.longxiaskill.com