AssetClaw 资产管理系统
Security checks across static analysis, malware telemetry, and agentic risk
Overview
AssetClaw is a coherent asset-management integration, but its helper script handles credentials and high-impact API writes in ways that need review before use.
Only install this skill if you trust the AssetHub server and can configure a secure HTTPS API URL. Use a least-privileged account rather than a super-admin account, avoid raw arbitrary request paths, and confirm that credential/session files in /tmp are protected and deleted when no longer needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or accidental request could leak the session token to another host or make calls outside the intended service boundary.
The request helper accepts absolute URLs and still attaches the AssetHub bearer token, so a mistaken or injected target could receive the token outside the intended AssetHub API.
if [[ "$raw" =~ ^https?:// ]]; then ... printf '%s\n' "$raw" ... curl_args=( ... -H "Authorization: Bearer $token" ... )
Reject absolute URLs in the helper, restrict requests to the configured AssetHub host, and never attach AssetHub authorization headers to non-AssetHub origins.
Deletes, approvals, restores, configuration changes, or other writes could complete without the user explicitly reviewing the second confirmation.
The documentation says the helper automatically replays write requests with the risk-confirmation token, bypassing a separate user-visible confirmation step for potentially destructive operations.
普通端点触发二次确认时,helper 脚本会自动重放并带上 `X-Risk-Confirm-Token`
Require explicit user approval before replaying risk-confirmation tokens, especially for delete, approval, backup-restore, role, tenant, and system-configuration operations.
If the local machine is shared or compromised, another process or later session may be able to read or tamper with AssetHub credentials or session state.
The skill instructs the agent to persist plaintext credentials and later bearer-token session context in predictable local temporary files.
Agent 将用户名和密码写入本地临时会话文件 `/tmp/assethub-claw-temp-session.json` ... 登录成功后 Token 和租户上下文自动保存到会话文件
Use a secure credential store or restrictive 0600 file permissions, delete the password file immediately after login, set session expiry, and clearly document logout cleanup.
Credentials and bearer tokens could be exposed to network observers if used outside a trusted isolated network.
The default login flow sends username/password credentials to a plain HTTP API endpoint unless the user overrides the base URL.
API_URL="${ASSETHUB_API_URL:-http://192.168.1.111:5183/api}" ... curl -sS -X POST "$(normalize_url /users/login)" ... --data-binary "{\"username\":\"${username}\",\"password\":\"${password}\"}"Require an HTTPS AssetHub API URL by default, or force an explicit user confirmation before sending credentials over HTTP.
Users may not realize before installation that they need local shell tooling and AssetHub account credentials.
The registry metadata under-declares the helper's runtime expectations and credential use, even though the docs and script require account login and shell tooling.
Required binaries: none ... Env var declarations: none ... Primary credential: none
Declare required binaries, optional environment variables, and the AssetHub credential requirement in the registry metadata.