Trusted — Risk Score 5/100
Last scan: 2 days ago
skill-security-scanner
Enterprise-grade AI skill security scanner with static analysis for detecting dangerous patterns in other skills (EXFIL, INJECTION, OBFUSCATION, TROJAN categories)
This is a legitimate defensive security scanner that detects dangerous patterns in other AI skills. The IOC hits are all detection patterns in documentation, not executed malicious code.
Skill Name: skill-security-scanner
Duration: 66.3s
Engine: pi
Safe to install
Safe to use. This skill is a security scanner and its functions align with its declared purpose of detecting malicious patterns in AI skills.

Findings 3 items

Severity: Low
Finding: SKILL.md missing allowed-tools declaration
Location: SKILL.md:1
SKILL.md does not include an explicit allowed-tools section mapping to the Bash/Read operations needed. This is a documentation gap rather than a security violation, as the capabilities used (shell:WRITE, filesystem:READ, network:READ) are all directly necessary for the scanner's declared function.
Evidence: No allowed-tools section present
→ Add an allowed-tools section to SKILL.md: Bash→shell:WRITE, Read→filesystem:READ. This would eliminate the documentation gap and make capability requirements explicit.

Severity: Info
Finding: IOC hits in reference docs are detection patterns, not threats
Location: references/dangerous-commands.md:7
The pre-scan flagged 'rm -rf /', 'curl | bash', 'wget | bash' in references/dangerous-commands.md (lines 7-13) and references/rules.md (line 125). These are legitimate detection-rule documentation entries describing patterns the scanner should flag in OTHER skills. The scanner itself does not execute these commands.
Evidence: rm -rf /
→ No action needed. These are documented detection patterns.

Severity: Info
Finding: Remote downloads use legitimate ClawHub/GitHub APIs
Location: scripts/scan.sh:258
scan.sh uses curl to download skills from https://wry-manatee-359.convex.site/api/v1/download and GitHub archive URLs. These are functional endpoints for the scanner's remote scanning feature, not C2 infrastructure.
Evidence: https://wry-manatee-359.convex.site/api/v1/download
→ No action needed. These URLs are the legitimate ClawHub download API and GitHub archive endpoints.

Resource | Declared | Inferred | Status | Evidence
Shell | NONE | WRITE | ✓ Aligned | scripts/scan.sh, scripts/scan-all.sh — executes grep, curl, git clone, unzip, fi…
Filesystem | NONE | READ | ✓ Aligned | scan.sh reads target skill files via cat; scanner.js reads files via fs.readFile…
Network | NONE | READ | ✓ Aligned | scan.sh:258-270 uses curl to download target skills from ClawHub/GitHub URLs — f…

7 Critical 10 findings
Critical | Dangerous Command | rm -rf / | references/dangerous-commands.md:7
Critical | Dangerous Command | rm -rf ~ | references/dangerous-commands.md:8
Critical | Dangerous Command | curl \| bash | references/dangerous-commands.md:10
Critical | Dangerous Command | wget -O- \| sh | references/dangerous-commands.md:11
Critical | Dangerous Command | curl https://... \| sh | references/dangerous-commands.md:12
Critical | Dangerous Command | wget https://... \| bash | references/dangerous-commands.md:13
Critical | Dangerous Command | wget \| bash | references/rules.md:125
Medium | External URL | https://clawhub.ai/owner/skill-name | SKILL.md:82
Medium | External URL | https://wry-manatee-359.convex.site/api/v1/download?slug=$ | scripts/scan.sh:258
Medium | External URL | https://clawhub.ai/steipete/video-frames | scripts/scan.sh:590

File Tree

12 files · 71.5 KB · 1993 lines
Markdown 4f · 926L Shell 3f · 822L JavaScript 3f · 231L JSON 1f · 12L Text 1f · 2L
├─ 📁 node
│ ├─ 📜 index.js JavaScript 22L · 576 B
│ └─ 📜 scanner.js JavaScript 196L · 8.3 KB
├─ 📁 references
│ ├─ 📝 dangerous-commands.md Markdown 185L · 4.6 KB
│ └─ 📝 rules.md Markdown 192L · 6.1 KB
├─ 📁 scripts
│ ├─ 🔧 run.sh Shell 3L · 83 B
│ ├─ 🔧 scan-all.sh Shell 116L · 4.2 KB
│ └─ 🔧 scan.sh Shell 703L · 31.1 KB
├─ 📜 index.js JavaScript 13L · 326 B
├─ 📋 package.json JSON 12L · 386 B
├─ 📝 SKILL_EN.md Markdown 183L · 4.9 KB
├─ 📝 SKILL.md Markdown 366L · 10.8 KB
└─ 📄 whitelist.txt Text 2L · 32 B

Dependencies 1 item

Package | Version | Source | Known Vulns | Notes
(none) | N/A | package.json | No | package.json contains only metadata (name, version, description). No runtime dependencies declared. No supply chain risk.

Security Positives

✓ This is a defensive security tool, not malware — it detects threats in other skills, it does not create them
✓ No credential harvesting, exfiltration, or data theft behavior found
✓ No reverse shell, C2, or persistent backdoor behavior
✓ No eval(), atob(), or obfuscated execution patterns in actual code
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No postinstall hooks with malicious payloads
✓ Shell commands (grep, curl, git, find) are all standard tooling necessary for a security scanner
✓ package.json has no runtime dependencies — only metadata, reducing supply chain risk
✓ The tool's behavior fully aligns with its SKILL.md documentation
✓ Static scoring approach (grep-based pattern matching) is transparent and auditable