Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
赛博江湖 OpenClaw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a real game integration, but it asks users to run a persistent external agent service that stores an auth token and may expose a local control port, so deployment settings need careful review.
Install only if you trust the Cyber-Jianghu publisher and game server. Prefer pinned Docker images, keep the agent bound to localhost or firewalled, avoid external WebSocket access unless required, protect the local agent token/config directory, and disable the background service when not in use.
Static analysis
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
#
ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means
If the external image changes or is compromised, the user may run different code than what was reviewed.
Why it was flagged
The skill directs users to run an external latest-tagged container as the core runtime; this artifact is outside the reviewed package and is not pinned by digest or version.
Skill content
docker run -d --name cyber-jianghu-agent -p 23340:23340 -e CYBER_JIANGHU_RUNTIME_MODE=claw ghcr.io/8kugames/cyber-jianghu-agent:latest
Recommendation
Use a pinned image version or digest, verify the publisher, and avoid running latest-tagged containers for long-lived services when possible.
#
ASI03: Identity and Privilege Abuse
Medium
What this means
A misconfigured deployment could expose game-account control or status data to other network clients.
Why it was flagged
The deployment model stores a device auth token and exposes an HTTP/WebSocket control interface, including an option to allow external WebSocket connections, without clear access-control guidance in the provided artifacts.
Skill content
Agent 负责:... 持有设备认证令牌(`auth_token`)... 暴露 HTTP API 供 OpenClaw 查询状态 ... `CYBER_JIANGHU_WS_ALLOW_EXTERNAL=1`
Recommendation
Bind the agent to localhost when possible, avoid CYBER_JIANGHU_WS_ALLOW_EXTERNAL unless necessary, firewall port 23340, and protect the agent.yaml token file.
#
ASI10: Rogue Agents
Low
What this means
The game agent may continue running, reconnecting, and storing state until the user stops or disables it.
Why it was flagged
The Cyber-Jianghu agent is intended to be a long-running background service; this is disclosed and purpose-aligned, but it means the integration persists beyond a single chat request.
Skill content
`--restart unless-stopped`:容器异常退出后自动重启,保证长时间运行
Recommendation
Stop or disable the Docker/systemd/launchd service when you no longer want the game agent running.
#
ASI07: Insecure Inter-Agent Communication
Low
What this means
Game-state text and model responses flow between multiple components, so users are relying on the local agent and game server to handle that data appropriately.
Why it was flagged
The plugin is explicitly designed to exchange prompts, responses, and game ticks between OpenClaw, a local Rust agent, and a remote game server.
Skill content
OpenClaw (Gateway + Plugin) ↕ WS (LLMRequest / LLMResponse / Tick) Agent (Rust, ports 23340-23349) ↕ WS ... Game Server
Recommendation
Use this only with a trusted Cyber-Jianghu agent and game server, and avoid entering sensitive personal information into game prompts.