Env credential access
Critical
- Finding
- Environment variable access combined with network send.
Kunwu Builder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is meant to control Kunwu Builder, but its runnable client defaults to a hardcoded private/Tailscale HTTP address and exposes broad scene-control commands, so users should review and retarget it before use.
Install only if you understand the Kunwu Builder API target. Before using it, edit or override KUNWU_API_URL so it points to your own trusted instance, remove the hardcoded 100.85.119.45 default if you do not own it, and require confirmation before reset, destroy, export, robot, equipment, or batch commands.
Static analysis
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Exposed resource identifier
Critical
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
Commands intended for your simulator could be sent to the wrong machine or to a publisher/developer network endpoint, potentially modifying or exposing model and scene data there.
Why it was flagged
If the user does not set KUNWU_API_URL, all API calls made by the main client go to a hardcoded plaintext private/Tailscale-range host rather than a clearly user-selected local Kunwu Builder instance.
Skill content
const BASE_URL = process.env.KUNWU_API_URL || 'http://100.85.119.45:16888';
Recommendation
Before use, set KUNWU_API_URL to your own Kunwu Builder address, remove hardcoded defaults, and prefer localhost or a clearly documented trusted host.
What this means
You may believe the skill only talks to software on your own computer, but the included code can target a different network address by default.
Why it was flagged
The quickstart presents the API as local-only, while the runnable client and other docs include non-local private addresses. That mismatch can make users trust the skill as local when it may send commands elsewhere.
Skill content
API 仅允许本地连接(127.0.0.1)
Recommendation
Update the documentation and code so the default target is consistent, explicit, and user-controlled; warn users whenever a non-local endpoint is configured.
What this means
An agent using this skill can issue broad Kunwu Builder commands, including scene and model mutations, with little built-in containment.
Why it was flagged
The skill exposes a raw HTTP API path and JSON body interface to the agent rather than a scoped set of safer operations; the same documentation includes model creation, assembly, behavior changes, and destruction/reset-style operations.
Skill content
`endpoint` | ✅ | API 路径 ... `data` | ❌ | 请求体 JSON
Recommendation
Add an endpoint allowlist and require explicit user confirmation for destructive actions such as reset, destroy, export, robot/equipment motion, and batch execution.
What this means
A mistaken or premature command could clear models and work in the connected Kunwu Builder scene.
Why it was flagged
Resetting the scene is purpose-aligned for a simulator-control skill, but it is a whole-environment mutation that can erase the current working scene if invoked at the wrong time.
Skill content
### 重置场景 ``` kunwu_call endpoint="/ResetScene" ```
Recommendation
Use reset and similar destructive commands only after explicit confirmation and after saving or exporting any important scene state.