Low Risk — Risk Score 22/100
Last scan: 1 day ago
meta-skill-generator
AI skill auto-generation framework - automatically scans, registers, retrieves, generates, evaluates, tests and optimizes skills
A legitimate skill generation framework with minor security concerns: hardcoded API key placeholder in config and subprocess execution for sandboxed code testing.
Skill Name: meta-skill-generator
Duration: 64.4s
Engine: pi
Safe to install
Review and update the API key configuration to use environment variables. Ensure sandboxed code execution is properly isolated in production environments.

Findings 2 items

Severity: Low
Finding: API Key Configuration Issue (Doc Mismatch)
Location: config.yaml:26
The config.yaml contains a hardcoded API key placeholder 'YOUR_API_KEY_HERE'. While this is a placeholder, it indicates that the credential handling pattern may not follow security best practices.
api_key: "YOUR_API_KEY_HERE"
→ Use environment variables for API keys: os.getenv('DEEPSEEK_API_KEY') instead of hardcoded values

Severity: Low
Finding: Subprocess Execution in Sandbox (RCE)
Location: scripts/sandbox.py:44
sandbox.py uses subprocess.run() to execute Python code in a temporary file. This is documented behavior for skill testing but could be risky if used with untrusted code.
result = subprocess.run(['python', temp_file], capture_output=True, text=True, timeout=self.timeout)
→ Ensure proper sandboxing is in place and consider using Docker isolation as implemented in tester.py
Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares skill generation, config.yaml shows storage paths
Network | READ | READ | ✓ Aligned | config.yaml:25 - DeepSeek API for skill generation
Shell | WRITE | WRITE | ✓ Aligned | sandbox.py:44 - subprocess.run(['python', temp_file]) for sandbox testing
Environment | READ | READ | ✓ Aligned | generator.py uses llm_client for API calls
3 findings (1 High)
🔑 High | API Key | Suspected hardcoded credential | api_key: "YOUR_API_KEY_HERE" | config.yaml:26
🔗 Medium | External URL | https://api.deepseek.com | config.yaml:25
🔗 Medium | External URL | https://hf-mirror.com | scripts/test_mirror.py:9

File Tree

33 files · 161.9 KB · 5564 lines
Python 22f · 4076L Markdown 6f · 856L JSON 3f · 493L YAML 2f · 139L
├─ 📁 assets
│ └─ 📁 templates
│ ├─ 🐍 base_skill.py Python 96L · 2.3 KB
│ └─ 📋 metadata.yaml YAML 56L · 1.0 KB
├─ 📁 generated
│ ├─ 📁 reminder
│ │ └─ 📝 SKILL.md Markdown 36L · 576 B
│ └─ 📝 truthfulness_optimized.md Markdown 72L · 1.6 KB
├─ 📁 references
│ ├─ 📝 api_reference.md Markdown 301L · 4.7 KB
│ ├─ 📝 architecture.md Markdown 117L · 5.0 KB
│ └─ 📝 examples.md Markdown 236L · 5.1 KB
├─ 📁 scripts
│ ├─ 🐍 __init__.py Python 39L · 1.0 KB
│ ├─ 🐍 auto_refactor.py Python 190L · 6.1 KB
│ ├─ 🐍 composer.py Python 343L · 9.8 KB
│ ├─ 🐍 embed_skill.py Python 259L · 7.8 KB
│ ├─ 🐍 evaluator.py Python 227L · 7.4 KB
│ ├─ 🐍 generate_skill.py Python 120L · 3.2 KB
│ ├─ 🐍 generator.py Python 353L · 8.9 KB
│ ├─ 🐍 init_db.py Python 94L · 2.7 KB
│ ├─ 🐍 optimize_truthfulness.py Python 42L · 1.2 KB
│ ├─ 🐍 optimizer.py Python 293L · 9.7 KB
│ ├─ 🐍 planner.py Python 226L · 7.3 KB
│ ├─ 🐍 sandbox.py Python 155L · 4.5 KB
│ ├─ 🐍 scan_skills.py Python 163L · 5.2 KB
│ ├─ 🐍 simple_db.py Python 106L · 3.2 KB
│ ├─ 🐍 test_mirror.py Python 27L · 702 B
│ ├─ 🐍 tester.py Python 390L · 11.3 KB
│ └─ 🐍 vector_search.py Python 115L · 3.1 KB
├─ 📋 config.yaml YAML 83L · 1.7 KB
├─ 📋 optimize_db.json JSON 97L · 8.5 KB
├─ 📋 scores_db.json JSON 39L · 834 B
├─ 📝 SKILL.md Markdown 94L · 1.9 KB
├─ 📋 skills_db.json JSON 357L · 11.4 KB
├─ 🐍 test_basic_only.py Python 169L · 4.7 KB
├─ 🐍 test_basic.py Python 264L · 7.7 KB
├─ 🐍 test_minimal.py Python 230L · 6.7 KB
└─ 🐍 test_simple.py Python 175L · 4.9 KB

Dependencies 3 items

Package | Version | Source | Known Vulns | Notes
chromadb | not pinned | import | No | Version not explicitly pinned in requirements
networkx | not pinned | import | No | Version not explicitly pinned
sentence-transformers | not pinned | pip | No | Used for vector embeddings; version not pinned

Security Positives

✓ No credential harvesting - code does not iterate through environment variables to find sensitive keys
✓ No obfuscation - no base64-encoded execution, eval(), or anti-analysis techniques found
✓ No sensitive file access - code does not access ~/.ssh, ~/.aws, or similar sensitive paths
✓ Docker-based sandboxing with security options (no-new-privileges, read-only, network-disabled)
✓ Documentation matches implementation - SKILL.md accurately describes the skill's capabilities
✓ No hidden functionality detected - all code appears to serve the documented purpose