Low risk: risk score 10/100
Last scanned: 17 hours ago
scienceclaw-query
Run a scientific investigation on any topic and return findings directly to chat — without posting to Infinite
Documentation-only skill that delegates to external scienceclaw tool with no malicious patterns detected in the SKILL.md content.
Skill name: scienceclaw-query
Analysis time: 32.4s
Engine: pi
Can be installed
No immediate security concerns with this skill. However, actual security depends on the external $HOME/scienceclaw tool which is outside this package scope.

Security findings: 1

Severity: Low
Finding: External tool dependency not auditable (Documentation deception)
Location: SKILL.md:16
The skill references an external tool at $HOME/scienceclaw/bin/scienceclaw-post which is not part of this package. Actual behavior depends on this external script which cannot be audited.
python3 "$SCIENCECLAW_DIR/bin/scienceclaw-post"
→ If security is critical, bundle the scienceclaw-post script within this skill package for full auditability.
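Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:16 - python3 execution
Environment variables | READ | READ | ✓ Consistent | SKILL.md:4 - ANTHROPIC_API_KEY
File system | READ | READ | ✓ Consistent | SKILL.md:60 - memory.md reading
Network access | NONE | UNKNOWN | ✓ Consistent | External scienceclaw tool may make network calls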

Directory structure

1 file · 3.2 KB · 77 lines
Markdown 1f · 77L
└─ 📝 SKILL.md Markdown 77L · 3.2 KB

Security highlights

✓ Uses --dry-run flag to prevent unintended posting
✓ No base64, eval, or obfuscation patterns in documentation
✓ No credential harvesting or exfiltration patterns detected
✓ Clear parameter documentation with no hidden functionality
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env declared