ai-intelligent-content-generation 安全扫描报告 — 低风险 | ClawSafe

15 /100

ai-intelligent-content-generation

内容生成，文章生成 + 图片生成

A minimal content generation skill consisting only of documentation with no executable code. The only concern is unpinned pip dependencies in installation instructions.

技能名称ai-intelligent-content-generation

分析耗时24.6s

引擎pi

✓

可以安装

Consider adding version pins to requirements.txt and including actual implementation code for full security audit.

安全发现 1 项

严重性	安全发现	位置
低危	Unpinned pip dependencies 供应链 The installation instructions use 'pip install -r requirements.txt' without specifying version constraints, which could allow malicious package updates. `pip install -r requirements.txt` → Use pip install -r requirements.txt with pinned versions (e.g., pip install -r requirements.txt --require-hashes) or include a hash pinned requirements.txt	`SKILL.md:30`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No code files present to analyze
网络访问	`NONE`	`NONE`	—	No code files present to analyze
命令执行	`NONE`	`NONE`	—	No code files present to analyze
环境变量	`NONE`	`NONE`	—	No code files present to analyze
技能调用	`NONE`	`NONE`	—	No code files present to analyze
剪贴板	`NONE`	`NONE`	—	No code files present to analyze
浏览器	`NONE`	`NONE`	—	No code files present to analyze
数据库	`NONE`	`NONE`	—	No code files present to analyze

目录结构

1 文件 · 970 B · 51 行

Markdown 1f · 51L

└─ 📝 SKILL.md Markdown 51L · 970 B

安全亮点

✓ No executable code present - only documentation

✓ No base64-encoded commands or obfuscation detected

✓ No credential harvesting or sensitive file access

✓ No network exfiltration or C2 communication

✓ No remote script execution (curl|bash)

✓ No reverse shell or RCE patterns