Gangtise Knowledge Base (Gangtise知识库)
Pass
Audited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill
Name: gangtise-knowledgebase
Version: 1.4.1

The skill bundle contains a high-risk self-update mechanism in `scripts/update.sh` that runs `rm -rf` on its own directory and replaces it with content downloaded from a remote Huawei Cloud OBS bucket (`gts-download.obs.myhuaweicloud.com`). In addition, `scripts/utils.py` implements broad filesystem traversal logic (`_find_openclaw_root`) to locate agent workspace directories and handles sensitive API credentials and tokens. While these features appear intended for legitimate maintenance and integration with the Gangtise financial data service, the ability to replace the skill's own code from a remote source, combined with automated path discovery, constitutes a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the remote archive or update channel is compromised, new unreviewed code could be installed and then receive the user’s Gangtise authorization.
The updater deletes the installed skill, downloads a replacement archive from a remote object-storage URL, unzips it without a checksum/signature check, and restores the local authorization file into the updated skill.
```sh
# excerpt from scripts/update.sh as quoted by the review
rm -rf "${SKILL_NAME}"
curl -L "https://gts-download.obs.myhuaweicloud.com/skills/${SKILL_NAME}.zip" -o "${TMP_ZIP}"
unzip -o "${TMP_ZIP}"
cp "${AUTH_BACKUP}" "${SCRIPT_DIR}/.authorization"
```

Do not run update.sh automatically. Verify the update source and integrity, review the replacement code, and avoid restoring credentials into unverified code.
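A hardened replacement for the update step, written as an added example for this review (it is not code from the gangtise-knowledgebase skill or from ClawScan): the downloaded archive is checked against a digest obtained separately before it is even opened, archive members that could land outside the install directory are rejected, the new tree is unpacked into a staging directory beside the live one and swapped in with a single rename, and the previous install, including its `.authorization` file, is retired rather than deleted and the credential is deliberately not copied into the unreviewed code. The sample archive, the `build_skill_zip` helper, the digest and all directory names are constructed so the example runs offline; a real deployment would take the pinned digest (or a signature) from the publisher out of band.

```python
import hashlib
import hmac
import io
import os
import shutil
import tempfile
import zipfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_skill_zip(files):
    """Constructed sample archive ({member name: text}); stands in for the OBS download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


def unsafe_member(name):
    """True for archive entries that could land outside the extraction root (zip slip)."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith("/") or parts[0].endswith(":") or ".." in parts


def install_update(archive, expected_sha256, skill_dir):
    """Verify, unpack into staging, swap in with one rename; returns the retired install's path."""
    # 1. Integrity first: nothing inside the archive is parsed until the digest matches.
    if not hmac.compare_digest(sha256_hex(archive), expected_sha256.lower()):
        raise ValueError("archive digest mismatch; refusing to install")
    skill_dir = os.path.abspath(skill_dir)
    parent = os.path.dirname(skill_dir)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        bad = [n for n in zf.namelist() if unsafe_member(n)]
        if bad:
            raise ValueError("archive contains unsafe paths: %s" % bad)
        # 2. Unpack next to the live directory so the final step is a same-filesystem rename.
        staging = tempfile.mkdtemp(prefix=".update-", dir=parent)
        for info in zf.infolist():
            target = os.path.join(staging, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
    # 3. Retire the old tree by renaming it instead of rm -rf; its .authorization stays
    #    there and is intentionally not copied into the replacement.
    previous = skill_dir + ".prev"
    if os.path.exists(previous):
        shutil.rmtree(previous)
    if os.path.exists(skill_dir):
        os.rename(skill_dir, previous)
    os.rename(staging, skill_dir)
    return previous


def _rejected(archive, digest, skill_dir):
    try:
        install_update(archive, digest, skill_dir)
    except ValueError:
        return True
    return False


def demo():
    """Exercise a good, a tampered and a zip-slip archive in a throwaway directory."""
    root = tempfile.mkdtemp(prefix="clawscan-example-")
    skill = os.path.join(root, "gangtise-knowledgebase")
    os.makedirs(os.path.join(skill, "scripts"))
    with open(os.path.join(skill, "scripts", ".authorization"), "w") as f:
        f.write("constructed-token\n")  # stand-in for the real authorization file
    good = build_skill_zip({"SKILL.md": "# constructed\n", "scripts/utils.py": "x = 1\n"})
    out = {}
    previous = install_update(good, sha256_hex(good), skill)
    out["installed"] = os.path.isfile(os.path.join(skill, "scripts", "utils.py"))
    out["auth_kept_in_old"] = os.path.isfile(os.path.join(previous, "scripts", ".authorization"))
    out["auth_not_in_new"] = not os.path.exists(os.path.join(skill, "scripts", ".authorization"))
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])  # one flipped byte, digest no longer matches
    out["tampered_rejected"] = _rejected(tampered, sha256_hex(good), skill)
    evil = build_skill_zip({"../escape.txt": "owned\n"})  # valid digest, traversal member
    out["slip_rejected"] = _rejected(evil, sha256_hex(evil), skill)
    out["escape_absent"] = not os.path.exists(os.path.join(root, "escape.txt"))
    out["live_intact"] = os.path.isfile(os.path.join(skill, "SKILL.md"))
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the digest is compared before `zipfile` touches the bytes, a tampered download never reaches the parser, and because the live tree is renamed rather than removed, a rejected or failed update leaves the currently installed skill in place.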
A malformed or malicious download response could cause files to be written outside the expected download folder or overwrite local files under the agent’s user permissions.
Downloaded filenames are derived from HTTP response headers and joined to a target directory before writing, with no shown resolved-path check that the final path remains inside the intended workspace.
```python
# excerpt from scripts/utils.py as quoted by the review
file_name = unquote(response.headers["Content-Disposition"].split("filename=")[1])
output = os.path.join(output_dir, file_name)
...
with open(output, "wb") as f:
    f.write(response.content)
```

Use basename/strict filename sanitization, resolve the final path, enforce that it stays under the intended output directory, and avoid overwriting existing files without user confirmation.
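A path-confined version of that write, added here as an example and not the skill's own code: the `Content-Disposition` value is percent-decoded first (so an encoded `%2e%2e%2f` cannot slip past a later check), reduced to its last path component on both separators, stripped of control characters, then joined to the output directory and resolved with `realpath` so that a symlink planted inside the output directory cannot redirect the write elsewhere; the file is opened in exclusive-create mode so nothing already present is overwritten. The header values, directory names and file contents below are constructed.

```python
import os
import re
import shutil
import tempfile
from urllib.parse import unquote

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def safe_filename(disposition, fallback="download.bin"):
    """Reduce a Content-Disposition header to a single plain file name, never a path."""
    name = ""
    if disposition and "filename=" in disposition:
        raw = disposition.split("filename=", 1)[1].split(";", 1)[0].strip()
        name = unquote(raw.strip('"'))               # decode before taking the basename
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # basename for both separators
    name = _CONTROL.sub("", name).strip()
    if name in ("", ".", ".."):
        return fallback
    return name


def safe_output_path(output_dir, disposition, fallback="download.bin"):
    """Resolve the final path and prove it stays under output_dir, symlinks included."""
    base = os.path.realpath(output_dir)
    path = os.path.realpath(os.path.join(base, safe_filename(disposition, fallback)))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("resolved path escapes output directory: %s" % path)
    return path


def save_download(output_dir, disposition, content):
    """Write content under output_dir; refuses to overwrite anything already there."""
    path = safe_output_path(output_dir, disposition)
    with open(path, "xb") as f:  # "x": fail instead of clobbering an existing file
        f.write(content)
    return path


def demo():
    """Traversal, overwrite and symlink cases against a constructed output directory."""
    root = tempfile.mkdtemp(prefix="clawscan-example-")
    outside = os.path.join(root, "outside.txt")
    with open(outside, "w") as f:
        f.write("must not be touched\n")
    kb = os.path.join(root, "kb")
    os.mkdir(kb)
    os.symlink(outside, os.path.join(kb, "notes.md"))  # planted link inside the output dir
    out = {}
    p = save_download(kb, 'attachment; filename="../../../report.pdf"', b"constructed")
    out["confined"] = os.path.dirname(p) == os.path.realpath(kb) and os.path.basename(p) == "report.pdf"
    try:
        save_download(kb, 'attachment; filename="report.pdf"', b"again")
        out["overwrite_refused"] = False
    except FileExistsError:
        out["overwrite_refused"] = True
    try:
        save_download(kb, 'attachment; filename="notes.md"', b"via symlink")
        out["symlink_refused"] = False
    except ValueError:
        out["symlink_refused"] = True
    with open(outside) as f:
        out["outside_intact"] = f.read() == "must not be touched\n"
    shutil.rmtree(root)
    return out


if __name__ == "__main__":
    print(demo())
```

The `commonpath` check looks redundant once the name has been reduced to a basename, but it is what catches the symlink case: the join is inside the directory, the resolved target is not.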
The skill can access Gangtise internal knowledge-base content allowed by the configured token or keys.
The skill uses Gangtise access keys, secret keys, long-term tokens, or a local .authorization file to authenticate API calls.
```python
# excerpt from scripts/utils.py as quoted by the review
GTS_ACCESS_KEY = os.getenv("GTS_ACCESS_KEY", None)
GTS_SECRET_KEY = os.getenv("GTS_SECRET_KEY", None)
GTS_LONG_TERM_TOKEN = os.getenv("GTS_LONG_TERM_TOKEN", None)
GTS_AUTHORIZATION_PATH = os.path.join(..., ".authorization")
```

Use a least-privilege Gangtise credential, protect scripts/.authorization, and ensure the registry documentation clearly states the credential requirements.
Internal document snippets or downloaded files may persist locally after the task and could be reused or exposed later if the workspace is shared.
The skill can save retrieved search results and download full files into the local Gangtise workspace or a chosen output directory.
From SKILL.md (translated): `-o` / `--output` ... saved by default under the gangtise working directory as `kb/kb_x.md` ...; `-d` / `--download` | No | whether to download the file.
Store outputs only in controlled locations, avoid downloading more than needed, and delete sensitive retrieved documents when no longer required.
