中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
self-improvement
Captures learnings, errors, and corrections to enable continuous improvement. Use when commands fail, user corrects the agent, capabilities are missing, or better approaches are discovered.
A benign self-improvement logging skill with no malicious behavior detected. All shell scripts output text reminders only; path traversal protection is implemented; sensitive data handling guidance is documented.
技能名称self-improvement
分析耗时38.7s
引擎pi
可以安装
No action required. This skill is safe to use as documented.

安全发现 1 项

严重性 安全发现 位置
低危
Environment variable access for error detection 敏感访问
The error-detector.sh script reads the CLAUDE_TOOL_OUTPUT environment variable to detect error patterns. This is documented and legitimate for error detection, not credential harvesting.
OUTPUT="${CLAUDE_TOOL_OUTPUT:-}"
→ This is acceptable behavior for error detection. Ensure CLAUDE_TOOL_OUTPUT is not logged verbatim or exfiltrated.
 scripts/error-detector.sh:20
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md:21-29 creates .learnings/ directory and files
命令执行 NONE READ ✓ 一致 error-detector.sh reads CLAUDE_TOOL_OUTPUT env var for error detection
网络访问 NONE NONE No network calls in any scripts
环境变量 NONE READ ✓ 一致 error-detector.sh:20 reads CLAUDE_TOOL_OUTPUT for pattern matching
凭据 NONE NONE No credential access or exfiltration
1 项发现
🔗
中危 外部 URL 外部 URL
https://agentskills.io/specification
SKILL.md:581

目录结构

14 文件 · 55.8 KB · 2193 行
Markdown 9f · 1779L Shell 3f · 296L TypeScript 1f · 62L JavaScript 1f · 56L
├─ 📁 assets
│ ├─ 📝 ERRORS.md Markdown 5L · 75 B
│ ├─ 📝 FEATURE_REQUESTS.md Markdown 5L · 84 B
│ ├─ 📝 LEARNINGS.md Markdown 45L · 1.1 KB
│ └─ 📝 SKILL-TEMPLATE.md Markdown 177L · 3.3 KB
├─ 📁 hooks
│ └─ 📁 openclaw
│ ├─ 📜 handler.js JavaScript 56L · 1.6 KB
│ ├─ 📜 handler.ts TypeScript 62L · 1.8 KB
│ └─ 📝 HOOK.md Markdown 23L · 589 B
├─ 📁 references
│ ├─ 📝 examples.md Markdown 374L · 8.1 KB
│ ├─ 📝 hooks-setup.md Markdown 225L · 5.0 KB
│ └─ 📝 openclaw-integration.md Markdown 254L · 5.9 KB
├─ 📁 scripts
│ ├─ 🔧 activator.sh Shell 20L · 680 B
│ ├─ 🔧 error-detector.sh Shell 55L · 1.3 KB
│ └─ 🔧 extract-skill.sh Shell 221L · 5.2 KB
└─ 📝 SKILL.md Markdown 671L · 21.1 KB

安全亮点

✓ Path traversal protection in extract-skill.sh validates against absolute paths and '..' segments
✓ SKILL.md explicitly instructs to avoid logging secrets, tokens, and private keys
✓ Scripts output text only without file modifications
✓ No network calls (curl, wget, IP connections) detected
✓ No base64 encoding/decoding or obfuscation
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Hook scripts are opt-in requiring explicit configuration
✓ Security considerations documented in hooks-setup.md