silas_clash
silas-clash
Trust Score: 66.3
Trust Tier: 0
Badge: danger
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 10.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 0.0 | 10% |
| Infrastructure | 0.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 18.9 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 10
[CRITICAL] Remote code download and execution via curl pipe
(line 84)
curl -s http://127.0.0.1:9090/configs | python3 -c "import json,sys;d=json.load(sys.stdin);print(f\"模式: {d.get('mode')}\
[CRITICAL] Remote code download and execution via curl pipe
(line 89)
curl -s http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9 | python3 -c "
[CRITICAL] Remote code download and execution via curl pipe
(line 111)
curl -s http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9 | python3 -c "
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 100
No findings.
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 0
[MEDIUM] GitHub release download from non-OpenClaw repo (potential payload hosting)
(line 22)
curl -Lo /tmp/mihomo.gz https://github.com/MetaCubeX/mihomo/releases/download/v1.19.21/mihomo-linux-amd64-v1.19.21.gz
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 58)
curl -s http://127.0.0.1:9090/version
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 67)
"api_url": "http://127.0.0.1:9090",
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 69)
"proxy_http": "http://127.0.0.1:7890",
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 83)
curl -s http://127.0.0.1:9090/version
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 84)
curl -s http://127.0.0.1:9090/configs | python3 -c "import json,sys;d=json.load(sys.stdin);print(f\"模式: {d.get('mode')}\
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 89)
curl -s http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9 | python3 -c "
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 99)
curl -X PATCH http://127.0.0.1:9090/configs -H "Content-Type: application/json" -d '{"mode":"rule"}'
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 102)
curl -X PATCH http://127.0.0.1:9090/configs -H "Content-Type: application/json" -d '{"mode":"global"}'
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 105)
curl -X PATCH http://127.0.0.1:9090/configs -H "Content-Type: application/json" -d '{"mode":"direct"}'
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 111)
curl -s http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9 | python3 -c "
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 118)
curl -X PUT "http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9" \
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 126)
curl -X GET "http://127.0.0.1:9090/group/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9/delay?timeout=5000&url=http
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 129)
curl -X GET "http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9/delay?timeout=5000&url=ht
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 138)
export http_proxy=http://127.0.0.1:7890
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 139)
export https_proxy=http://127.0.0.1:7890
TWOSTAGE — Score: 0
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 84)
curl -s http://127.0.0.1:9090/configs | python3 -c "import json,sys;d=json.load(sys.stdin);print(f\"模式: {d.get('mode')}\
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 89)
curl -s http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9 | python3 -c "
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 111)
curl -s http://127.0.0.1:9090/proxies/%F0%9F%9A%80%20%E8%8A%82%E7%82%B9%E9%80%89%E6%8B%A9 | python3 -c "
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.