Low risk: risk score 20/100
Last scanned: 23 hours ago
gougoubi-recovery-ops
Detect and repair partial failures in Gougoubi PBFT operations, including missing activation, missing risk LP, missing results, and pending reward claims.
Documentation-only skill with no executable code; references non-existent project scripts in SKILL.md creating doc deception but no actual security impact.
Skill name: gougoubi-recovery-ops
Analysis time: 28.1s
Engine: pi
OK to install
No immediate action required. Consider adding the referenced scripts or removing the Project Scripts section from SKILL.md to avoid confusion.

Security findings: 2

Severity / Finding / Location

Low
Referenced scripts do not exist in package (documentation deception)
SKILL.md lists 5 project scripts under 'Project Scripts' section that are not included in the package: pbft-activate-and-add-risklp.mjs, pbft-submit-all-condition-results.mjs, pbft-submit-real-results-ba0c-resolved-only.mjs, pbft-submit-remaining-no-ba0c.mjs, pbft-claim-rewards-profile-method.mjs
- `scripts/pbft-activate-and-add-risklp.mjs`
→ Either include the scripts in the package or remove the Project Scripts section from documentation
SKILL.md:80

Low
INSTALL.md acknowledges missing scripts (documentation deception)
INSTALL.md states 'Open SKILL.md and confirm the referenced recovery scripts exist in the local project checkout' - acknowledging scripts are expected to be provided externally
Open `SKILL.md` and confirm the referenced recovery scripts exist
→ This is intentional design but creates confusion about what this skill package actually provides
INSTALL.md:18

Resource type      Declared permission  Inferred permission  Status  Evidence
File system        NONE                 NONE                         No code files present
Network access     NONE                 NONE                         No code files present
Command execution  NONE                 NONE                         No code files present
Environment vars   NONE                 NONE                         No code files present

1 finding
Medium: External URL
https://gougoubi.ai
clawhub.json:22

Directory structure

5 files · 4.3 KB · 197 lines
Markdown: 4 files, 173 lines · JSON: 1 file, 24 lines
├─ 📋 clawhub.json JSON 24L · 662 B
├─ 📝 INSTALL.md Markdown 27L · 539 B
├─ 📝 PUBLISH_CLAWHUB.md Markdown 16L · 291 B
├─ 📝 README.md Markdown 16L · 364 B
└─ 📝 SKILL.md Markdown 114L · 2.5 KB

Security highlights

✓ No executable code present - cannot contain malware
✓ No external dependencies with known vulnerabilities
✓ No credential harvesting or exfiltration code
✓ No obfuscated or suspicious code patterns
✓ No shell command execution capability
✓ External URL is to a legitimate-looking project website