Trusted · Risk score 5/100
Last scanned: 20 hours ago
self-improvement
Captures learnings, errors, and corrections to enable continuous improvement. Logs to markdown files and promotes valuable learnings to project memory.
A legitimate self-improvement logging skill with benign shell scripts for reminders and error detection. No malicious behavior, credential access, network calls, or data exfiltration observed.
Skill name: self-improvement
Analysis time: 36.8s
Engine: pi
Safe to install
No action needed. The skill is safe to use. Consider documenting permission requirements in SKILL.md for completeness.

Security findings: 1

Severity · Security finding · Location
Low
Missing permission declarations · Documentation deception
SKILL.md does not explicitly declare what permissions or allowed-tools the skill requires. While scripts are benign, documenting permission requirements would improve transparency.
No allowed-tools declaration in frontmatter
→ Add allowed-tools declaration to SKILL.md frontmatter if the skill will be invoked with tools. However, since the shell scripts only output text and do pattern matching, the actual risk is minimal.
SKILL.md:1
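| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | READ | ✓ Consistent | Scripts read CLAUDE_TOOL_OUTPUT env var only |
| Command execution | NONE | READ | ✓ Consistent | Scripts use pattern matching, no dangerous commands |
| Network access | NONE | NONE | | No network calls in any scripts |
| Environment variables | NONE | READ | ✓ Consistent | error-detector.sh reads CLAUDE_TOOL_OUTPUT for error detection |
| Credential access | NONE | NONE | | No credential harvesting |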
1 finding
Medium · External URL
https://agentskills.io/specification
SKILL.md:557

Directory structure

16 files · 53.5 KB · 2171 lines
Markdown 10f · 1752L | Shell 3f · 296L | TypeScript 1f · 62L | JavaScript 1f · 56L | JSON 1f · 5L
├─ 📁 .learnings
│ ├─ 📝 ERRORS.md Markdown 5L · 75 B
│ ├─ 📝 FEATURE_REQUESTS.md Markdown 5L · 84 B
│ └─ 📝 LEARNINGS.md Markdown 5L · 99 B
├─ 📁 assets
│ ├─ 📝 LEARNINGS.md Markdown 45L · 1.1 KB
│ └─ 📝 SKILL-TEMPLATE.md Markdown 177L · 3.3 KB
├─ 📁 hooks
│ └─ 📁 openclaw
│    ├─ 📜 handler.js JavaScript 56L · 1.6 KB
│    ├─ 📜 handler.ts TypeScript 62L · 1.8 KB
│    └─ 📝 HOOK.md Markdown 23L · 589 B
├─ 📁 references
│ ├─ 📝 examples.md Markdown 374L · 8.1 KB
│ ├─ 📝 hooks-setup.md Markdown 223L · 4.8 KB
│ └─ 📝 openclaw-integration.md Markdown 248L · 5.5 KB
├─ 📁 scripts
│ ├─ 🔧 activator.sh Shell 20L · 680 B
│ ├─ 🔧 error-detector.sh Shell 55L · 1.3 KB
│ └─ 🔧 extract-skill.sh Shell 221L · 5.2 KB
├─ 📋 _meta.json JSON 5L · 139 B
└─ 📝 SKILL.md Markdown 647L · 19.2 KB

Security highlights

✓ No network requests or external communications
✓ No credential harvesting or environment variable enumeration
✓ No file writes to sensitive paths (~/.ssh, ~/.aws, etc.)
✓ extract-skill.sh has path validation (no absolute paths, no '..' traversal)
✓ Shell scripts are simple and readable with no obfuscation
✓ No base64 encoding or shell evasion techniques
✓ Hook handlers have proper event structure validation
✓ error-detector.sh only reads tool output, doesn't exfiltrate it
✓ GitHub URLs in SKILL.md are well-known legitimate repositories