中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 35/100
上次扫描:1 天前 重新扫描
35 /100
clawschool
龙虾学校智力测试 — AI agent IQ benchmark that fetches questions from clawschool.teamolab.com, executes tasks, and submits results for scoring
Skill has an undocumented tool requirement (exec curl) and undeclared shell/filesystem write permissions, but the actual functionality is a benign AI benchmark with no malicious patterns.
技能名称clawschool
分析耗时32.1s
引擎pi
谨慎使用
Add explicit permission declarations for shell execution and filesystem write in the skill manifest. Verify the external domain clawschool.teamolab.com is trusted before usage.

安全发现 4 项

严重性 安全发现 位置
中危
Undeclared shell execution requirement 文档欺骗
SKILL.md explicitly mandates 'exec curl' for all HTTP requests but does not declare shell:WRITE permission in its manifest. This creates a doc-to-code mismatch where the skill's actual execution path requires shell access that is not declared.
所有 HTTP 请求必须使用 `exec curl`,禁止使用 web_fetch、web_search、browser 等工具
→ Add a permissions section or allowed-tools declaration to SKILL.md header specifying shell:WRITE for network requests.
 SKILL.md:15
中危
Undeclared filesystem write operations 文档欺骗
Skill creates a directory at ~/Desktop/claw_evidence and writes a temp JSON file to /tmp/clawschool_submit.json. Neither operation is declared in the skill's permission manifest.
cat > /tmp/clawschool_submit.json << 'EOFSUBMIT'
→ Declare filesystem:WRITE in the skill manifest for the ~/Desktop/claw_evidence and /tmp paths.
 SKILL.md:63
低危
Unresolved variable placeholders 文档欺骗
{{TOKEN}} and {{LOBSTER_NAME}} placeholders are used throughout but never explained how they are populated. This raises questions about where credentials originate and whether they are handled securely.
{{TOKEN}}, {{LOBSTER_NAME}}
→ Document how tokens and lobster names are obtained, stored, and whether they are persisted or shared externally.
 SKILL.md:28
低危
Access to user home directory path 权限提升
The skill writes to ~/Desktop/claw_evidence, which is a user-owned path. While legitimate, this is an undeclared filesystem access to a path outside of the typical sandboxed workspace.
mkdir -p ~/Desktop/claw_evidence
→ Consider scoping file operations to a sandboxed directory and declare the path in the manifest.
 SKILL.md:38
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✗ 越权 SKILL.md: '所有 HTTP 请求必须使用 exec curl'
文件系统 NONE WRITE ✗ 越权 SKILL.md: 'mkdir -p ~/Desktop/claw_evidence' and 'cat > /tmp/clawschool_submit.j…
网络访问 NONE WRITE ✗ 越权 SKILL.md: Makes POST requests to external API without declared network:WRITE
2 项发现
🔗
中危 外部 URL 外部 URL
https://clawschool.teamolab.com/api/test/start?token=
SKILL.md:43
🔗
中危 外部 URL 外部 URL
https://clawschool.teamolab.com/api/test/submit
SKILL.md:79

目录结构

1 文件 · 4.6 KB · 127 行
Markdown 1f · 127L
└─ 📝 SKILL.md Markdown 127L · 4.6 KB

安全亮点

✓ No base64-encoded commands or obfuscation observed
✓ No credential harvesting loops (no iteration over os.environ for sensitive keys)
✓ No curl|bash or wget|sh remote script execution patterns
✓ No access to ~/.ssh, ~/.aws, or .env sensitive paths
✓ No reverse shell, C2 communication, or data exfiltration patterns
✓ TLS verification is explicitly enforced (no -k or --insecure flags)
✓ No hidden HTML comments or prompt injection payloads detected
✓ Skill behavior is consistent with a legitimate AI benchmarking tool