Trusted: risk score 5/100
Last scanned: 1 day ago
skill-guard
Scan ClawHub skills for security vulnerabilities BEFORE installing. Uses mcp-scan to detect prompt injections, malware payloads, hardcoded secrets, and data exfiltration URLs.
skill-guard is a legitimate security-scanning tool that safely stages, scans, and optionally installs ClawHub skills using mcp-scan. The pre-scan IOCs are false positives: rm -rf / is a documentation example showing what mcp-scan detects, and curl|sh for uv is a documented dependency installation command.
Skill name: skill-guard
Analysis time: 37.6s
Engine: pi
OK to install
This skill is safe to use. The pre-scan flags are benign documentation examples, not actual malicious code execution.
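| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | READ | WRITE | ✓ Consistent | safe-install.sh:59 rm -rf $STAGING_DIR (cleanup), safe-install.sh:83 mv for inst… |
| Command execution | WRITE | WRITE | ✓ Consistent | safe-install.sh:47-53 clawhub install, safe-install.sh:77 uvx mcp-scan |
| Network access | READ | READ | ✓ Consistent | safe-install.sh:47 clawhub install (ClawHub registry), safe-install.sh:77 uvx mc… |
| Environment variables | NONE | READ | ✓ Consistent | safe-install.sh:13 reads CLAWHUB_WORKDIR only for config, no secrets accessed |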
2 critical · 3 findings

Critical · Dangerous command · Dangerous shell command
rm -rf /
SKILL.md:91

Critical · Dangerous command · Dangerous shell command
curl -LsSf https://astral.sh/uv/install.sh | sh
SKILL.md:96

Medium · External URL · External URL
https://astral.sh/uv/install.sh
SKILL.md:96

Directory structure

3 files · 10.0 KB · 321 lines
Shell 1f · 211L Markdown 1f · 105L JSON 1f · 5L
├─ 📁 scripts
│ └─ 🔧 safe-install.sh Shell 211L · 6.1 KB
├─ 📋 _meta.json JSON 5L · 130 B
└─ 📝 SKILL.md Markdown 105L · 3.7 KB

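Dependency analysis: 3 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| clawhub | latest | npm | | Official ClawHub CLI for skill installation |
| uv | latest | pip/astral | | Python package manager by Astral; uvx runs mcp-scan |
| mcp-scan | latest | uvx | | Security scanner by Snyk/Invariant Labs |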

Security highlights

✓ Skill explicitly documents its purpose as a security scanner for ClawHub skills
✓ Allows installation of clawhub CLI and uv via standard documented commands
✓ Uses staging directory (/tmp/) for untrusted skills—never touches real skills folder until scanned
✓ Integrates mcp-scan (Invariant Labs/Snyk) for security analysis
✓ Blocks installation on threats with exit code 2 and quarantines to staging
✓ No credential theft, data exfiltration, or sensitive path access
✓ Clear exit codes (0=clean, 1=error, 2=threats found) with actionable guidance
✓ Documentation accurately reflects implementation—no doc-to-code mismatch