bp-prototype Security Report — Low Risk | ClawSafe

15 /100

bp-prototype

BP原型模板制造 Skill - 通过对话交互，从BP规范(GitHub) + BP系统接口(实时数据)自动推理生成四套空白母版模板（年报/半年报/季报/月报）

Legitimate BP template generation skill with no malicious behavior detected. Declared exec permission is a minor doc inconsistency but actual implementation only uses standard file/network operations.

Skill Namebp-prototype

Duration44.0s

Enginepi

✓

Safe to install

Accept for use. Consider clarifying the 'exec' tool declaration in SKILL.md to reflect actual READ/WRITE file operations instead.

Findings 1 items

Severity	Finding	Location
Low	Misleading tool permission declaration Doc Mismatch SKILL.md declares 'exec' permission with risk_level:medium for the generate tool, but the actual implementation (scripts/generate.py) only performs file I/O and HTTP requests using urllib. No command execution occurs. `permission: exec risk_level: medium` → Change permission to 'read_write' and risk_level to 'low' to accurately reflect actual capabilities	`SKILL.md:10`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	scripts/generate.py:143 - version_dir.mkdir() writes to versions/
Filesystem	`NONE`	`READ`	✓ Aligned	scripts/generate.py reads references/ directory
Network	`READ`	`READ`	✓ Aligned	scripts/generate.py:117 - update_spec() fetches from GitHub
Shell	`NONE`	`NONE`	—	No subprocess/os.system calls found
Environment	`NONE`	`NONE`	—	Proxy env vars only, no credential access
Skill Invoke	`NONE`	`NONE`	—	No skill invocation patterns
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database operations

File Tree

11 files · 66.2 KB · 1812 lines

Markdown 8f · 1499L Python 1f · 237L JSON 2f · 76L

├─ ▾ 📁 references

│ ├─ ▾ 📁 bp-examples

│ │ ├─ 📋 中心BP_产品中心_v1.json JSON 39L · 937 B

│ │ └─ 📋 集团BP_G1_v1.json JSON 37L · 975 B

│ ├─ ▾ 📁 bp-spec

│ │ └─ 📝 BP系统操作手册.md Markdown 472L · 26.8 KB

│ └─ ▾ 📁 template-rules

│ └─ 📝 生成规则.md Markdown 119L · 4.8 KB

├─ ▾ 📁 scripts

│ └─ 🐍 generate.py Python 237L · 7.6 KB

├─ ▾ 📁 versions

│ ├─ ▾ 📁 20260401-175457-v1

│ │ ├─ 📝 P001-T001-HALFYEAR-TPL-v1_半年报模板.md Markdown 128L · 3.7 KB

│ │ ├─ 📝 P001-T001-MONTH-TPL-v1_月报模板.md Markdown 152L · 3.8 KB

│ │ ├─ 📝 P001-T001-QUARTER-TPL-v1_季报模板.md Markdown 132L · 3.7 KB

│ │ └─ 📝 P001-T001-YEAR-TPL-v1_年报模板.md Markdown 133L · 3.7 KB

│ └─ ▾ 📁 20260401-184800-v2-test

│ └─ 📝 P001-T001-QUARTER-TPL-v2-test_季报模板.md Markdown 178L · 5.3 KB

└─ 📝 SKILL.md Markdown 185L · 5.1 KB

Security Positives

✓ Network access limited to explicitly declared GitHub URL and BP system API endpoints

✓ File operations scoped to project subdirectories (versions/, references/)

✓ Uses Python urllib (not curl|bash) for external downloads

✓ No credential harvesting or environment variable access for sensitive data

✓ No obfuscation, base64 encoding, or anti-analysis patterns

✓ No external IP connections beyond declared GitHub/API hosts

✓ Clear, well-documented Python implementation (237 lines)

✓ Version-pinned references in example JSON files

✓ No cron jobs, startup hooks, or persistence mechanisms

✓ All template files are standard Markdown with no hidden content

Scan Report

Findings 1 items

File Tree

Security Positives