Trusted: risk score 5/100
Last scanned: 2 days ago
skill-security-scanner
Enterprise-grade AI skill security scanner with static analysis for detecting dangerous patterns in other skills (EXFIL, INJECTION, OBFUSCATION, TROJAN categories)
This is a legitimate defensive security scanner that detects dangerous patterns in other AI skills. The IOC hits are all detection patterns in documentation, not executed malicious code.
Skill name: skill-security-scanner
Analysis time: 66.3s
Engine: pi
OK to install
Safe to use. This skill is a security scanner and its functions align with its declared purpose of detecting malicious patterns in AI skills.

Security findings: 3

Severity / Finding / Location
Low
SKILL.md missing allowed-tools declaration
SKILL.md does not include an explicit allowed-tools section mapping to the Bash/Read operations needed. This is a documentation gap rather than a security violation, as the capabilities used (shell:WRITE, filesystem:READ, network:READ) are all directly necessary for the scanner's declared function.
No allowed-tools section present
→ Add an allowed-tools section to SKILL.md: Bash→shell:WRITE, Read→filesystem:READ. This would eliminate the documentation gap and make capability requirements explicit.
SKILL.md:1
Info
IOC hits in reference docs are detection patterns, not threats
The pre-scan flagged 'rm -rf /', 'curl | bash', 'wget | bash' in references/dangerous-commands.md (lines 7-13) and references/rules.md (line 125). These are legitimate detection-rule documentation entries describing patterns the scanner should flag in OTHER skills. The scanner itself does not execute these commands.
rm -rf /
→ No action needed. These are documented detection patterns.
references/dangerous-commands.md:7
Info
Remote downloads use legitimate ClawHub/GitHub APIs
scan.sh uses curl to download skills from https://wry-manatee-359.convex.site/api/v1/download and GitHub archive URLs. These are functional endpoints for the scanner's remote scanning feature, not C2 infrastructure.
https://wry-manatee-359.convex.site/api/v1/download
→ No action needed. These URLs are the legitimate ClawHub download API and GitHub archive endpoints.
scripts/scan.sh:258
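| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | NONE | WRITE | ✓ Consistent | scripts/scan.sh, scripts/scan-all.sh — executes grep, curl, git clone, unzip, fi… |
| File system | NONE | READ | ✓ Consistent | scan.sh reads target skill files via cat; scanner.js reads files via fs.readFile… |
| Network access | NONE | READ | ✓ Consistent | scan.sh:258-270 uses curl to download target skills from ClawHub/GitHub URLs — f… |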
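7 critical · 10 findings

| Severity | Category | Finding | Match | Location |
| --- | --- | --- | --- | --- |
| Critical | Dangerous command | Dangerous shell command | rm -rf / | references/dangerous-commands.md:7 |
| Critical | Dangerous command | Dangerous shell command | rm -rf ~ | references/dangerous-commands.md:8 |
| Critical | Dangerous command | Dangerous shell command | curl \| bash | references/dangerous-commands.md:10 |
| Critical | Dangerous command | Dangerous shell command | wget -O- \| sh | references/dangerous-commands.md:11 |
| Critical | Dangerous command | Dangerous shell command | curl https://... \| sh | references/dangerous-commands.md:12 |
| Critical | Dangerous command | Dangerous shell command | wget https://... \| bash | references/dangerous-commands.md:13 |
| Critical | Dangerous command | Dangerous shell command | wget \| bash | references/rules.md:125 |
| Medium | External URL | External URL | https://clawhub.ai/owner/skill-name | SKILL.md:82 |
| Medium | External URL | External URL | https://wry-manatee-359.convex.site/api/v1/download?slug=$ | scripts/scan.sh:258 |
| Medium | External URL | External URL | https://clawhub.ai/steipete/video-frames | scripts/scan.sh:590 |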

Directory structure

12 files · 71.5 KB · 1993 lines
Markdown 4f · 926L Shell 3f · 822L JavaScript 3f · 231L JSON 1f · 12L Text 1f · 2L
├─ 📁 node
│ ├─ 📜 index.js JavaScript 22L · 576 B
│ └─ 📜 scanner.js JavaScript 196L · 8.3 KB
├─ 📁 references
│ ├─ 📝 dangerous-commands.md Markdown 185L · 4.6 KB
│ └─ 📝 rules.md Markdown 192L · 6.1 KB
├─ 📁 scripts
│ ├─ 🔧 run.sh Shell 3L · 83 B
│ ├─ 🔧 scan-all.sh Shell 116L · 4.2 KB
│ └─ 🔧 scan.sh Shell 703L · 31.1 KB
├─ 📜 index.js JavaScript 13L · 326 B
├─ 📋 package.json JSON 12L · 386 B
├─ 📝 SKILL_EN.md Markdown 183L · 4.9 KB
├─ 📝 SKILL.md Markdown 366L · 10.8 KB
└─ 📄 whitelist.txt Text 2L · 32 B

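Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| (none) | N/A | package.json | | package.json contains only metadata (name, version, description). No runtime dependencies declared. No supply chain risk. |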

Security highlights

✓ This is a defensive security tool, not malware — it detects threats in other skills, it does not create them
✓ No credential harvesting, exfiltration, or data theft behavior found
✓ No reverse shell, C2, or persistent backdoor behavior
✓ No eval(), atob(), or obfuscated execution patterns in actual code
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No postinstall hooks with malicious payloads
✓ Shell commands (grep, curl, git, find) are all standard tooling necessary for a security scanner
✓ package.json has no runtime dependencies — only metadata, reducing supply chain risk
✓ The tool's behavior fully aligns with its SKILL.md documentation
✓ Static scoring approach (grep-based pattern matching) is transparent and auditable