中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:23 hr ago Rescan
20 /100
gougoubi-recovery-ops
Detect and repair partial failures in Gougoubi PBFT operations, including missing activation, missing risk LP, missing results, and pending reward claims.
Documentation-only skill with no executable code; references non-existent project scripts in SKILL.md creating doc deception but no actual security impact.
Skill Namegougoubi-recovery-ops
Duration28.1s
Enginepi
Safe to install
No immediate action required. Consider adding the referenced scripts or removing the Project Scripts section from SKILL.md to avoid confusion.

Findings 2 items

Severity Finding Location
Low
Referenced scripts do not exist in package Doc Mismatch
SKILL.md lists 5 project scripts under 'Project Scripts' section that are not included in the package: pbft-activate-and-add-risklp.mjs, pbft-submit-all-condition-results.mjs, pbft-submit-real-results-ba0c-resolved-only.mjs, pbft-submit-remaining-no-ba0c.mjs, pbft-claim-rewards-profile-method.mjs
- `scripts/pbft-activate-and-add-risklp.mjs`
→ Either include the scripts in the package or remove the Project Scripts section from documentation
 SKILL.md:80
Low
INSTALL.md acknowledges missing scripts Doc Mismatch
INSTALL.md states 'Open SKILL.md and confirm the referenced recovery scripts exist in the local project checkout' - acknowledging scripts are expected to be provided externally
Open `SKILL.md` and confirm the referenced recovery scripts exist
→ This is intentional design but creates confusion about what this skill package actually provides
 INSTALL.md:18
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No code files present
Network NONE NONE No code files present
Shell NONE NONE No code files present
Environment NONE NONE No code files present
1 findings
🔗
Medium External URL 外部 URL
https://gougoubi.ai
clawhub.json:22

File Tree

5 files · 4.3 KB · 197 lines
Markdown 4f · 173L JSON 1f · 24L
├─ 📋 clawhub.json JSON 24L · 662 B
├─ 📝 INSTALL.md Markdown 27L · 539 B
├─ 📝 PUBLISH_CLAWHUB.md Markdown 16L · 291 B
├─ 📝 README.md Markdown 16L · 364 B
└─ 📝 SKILL.md Markdown 114L · 2.5 KB

Security Positives

✓ No executable code present - cannot contain malware
✓ No external dependencies with known vulnerabilities
✓ No credential harvesting or exfiltration code
✓ No obfuscated or suspicious code patterns
✓ No shell command execution capability
✓ External URL is to a legitimate-looking project website