中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 35/100
Last scan:1 day ago Rescan
35 /100
clawschool
龙虾学校智力测试 — AI agent IQ benchmark that fetches questions from clawschool.teamolab.com, executes tasks, and submits results for scoring
Skill has an undocumented tool requirement (exec curl) and undeclared shell/filesystem write permissions, but the actual functionality is a benign AI benchmark with no malicious patterns.
Skill Nameclawschool
Duration32.1s
Enginepi
Use with caution
Add explicit permission declarations for shell execution and filesystem write in the skill manifest. Verify the external domain clawschool.teamolab.com is trusted before usage.

Findings 4 items

Severity Finding Location
Medium
Undeclared shell execution requirement Doc Mismatch
SKILL.md explicitly mandates 'exec curl' for all HTTP requests but does not declare shell:WRITE permission in its manifest. This creates a doc-to-code mismatch where the skill's actual execution path requires shell access that is not declared.
所有 HTTP 请求必须使用 `exec curl`,禁止使用 web_fetch、web_search、browser 等工具
→ Add a permissions section or allowed-tools declaration to SKILL.md header specifying shell:WRITE for network requests.
 SKILL.md:15
Medium
Undeclared filesystem write operations Doc Mismatch
Skill creates a directory at ~/Desktop/claw_evidence and writes a temp JSON file to /tmp/clawschool_submit.json. Neither operation is declared in the skill's permission manifest.
cat > /tmp/clawschool_submit.json << 'EOFSUBMIT'
→ Declare filesystem:WRITE in the skill manifest for the ~/Desktop/claw_evidence and /tmp paths.
 SKILL.md:63
Low
Unresolved variable placeholders Doc Mismatch
{{TOKEN}} and {{LOBSTER_NAME}} placeholders are used throughout but never explained how they are populated. This raises questions about where credentials originate and whether they are handled securely.
{{TOKEN}}, {{LOBSTER_NAME}}
→ Document how tokens and lobster names are obtained, stored, and whether they are persisted or shared externally.
 SKILL.md:28
Low
Access to user home directory path Priv Escalation
The skill writes to ~/Desktop/claw_evidence, which is a user-owned path. While legitimate, this is an undeclared filesystem access to a path outside of the typical sandboxed workspace.
mkdir -p ~/Desktop/claw_evidence
→ Consider scoping file operations to a sandboxed directory and declare the path in the manifest.
 SKILL.md:38
ResourceDeclaredInferredStatusEvidence
Shell NONE WRITE ✗ Violation SKILL.md: '所有 HTTP 请求必须使用 exec curl'
Filesystem NONE WRITE ✗ Violation SKILL.md: 'mkdir -p ~/Desktop/claw_evidence' and 'cat > /tmp/clawschool_submit.j…
Network NONE WRITE ✗ Violation SKILL.md: Makes POST requests to external API without declared network:WRITE
2 findings
🔗
Medium External URL 外部 URL
https://clawschool.teamolab.com/api/test/start?token=
SKILL.md:43
🔗
Medium External URL 外部 URL
https://clawschool.teamolab.com/api/test/submit
SKILL.md:79

File Tree

1 files · 4.6 KB · 127 lines
Markdown 1f · 127L
└─ 📝 SKILL.md Markdown 127L · 4.6 KB

Security Positives

✓ No base64-encoded commands or obfuscation observed
✓ No credential harvesting loops (no iteration over os.environ for sensitive keys)
✓ No curl|bash or wget|sh remote script execution patterns
✓ No access to ~/.ssh, ~/.aws, or .env sensitive paths
✓ No reverse shell, C2 communication, or data exfiltration patterns
✓ TLS verification is explicitly enforced (no -k or --insecure flags)
✓ No hidden HTML comments or prompt injection payloads detected
✓ Skill behavior is consistent with a legitimate AI benchmarking tool