Core Vocabulary for CET-4 安全扫描报告 — 低风险 | ClawSafe

15 /100

Core Vocabulary for CET-4

Randomly generates one or more words from a curated database of 300 must-know College English Test Band 4 (CET-4) vocabulary.

Benign CET-4 vocabulary skill with only minor permission over-claim; no malicious code, scripts, or dangerous capabilities present.

技能名称Core Vocabulary for CET-4

分析耗时26.2s

引擎pi

✓

可以安装

Consider removing the undeclared 'shell' permission requirement from SKILL.md metadata if it is not used by the skill.

安全发现 1 项

严重性	安全发现	位置
低危	Over-claimed shell permission 文档欺骗 SKILL.md declares shell permission in metadata (bins: ['shell']) but no shell commands or scripts exist in the skill. This may be a template artifact or misconfiguration. `metadata: { "openclaw": { "emoji": "🚀", "requires": { "bins": ["shell"] } } }` → Remove the shell requirement from metadata if no shell execution is needed, or implement the declared functionality if shell access is intended.	`SKILL.md:4`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	word.txt is a static vocabulary file read by the skill
命令执行	`WRITE`	`NONE`	✓ 一致	SKILL.md metadata: requires.bins: ['shell'] - shell is declared but never used
网络访问	`NONE`	`NONE`	—	No network access detected

2 文件 · 32.9 KB · 302 行

Text 1f · 281L Markdown 1f · 21L

├─ 📝 SKILL.md Markdown 21L · 972 B

└─ 📄 word.txt Text 281L · 32.0 KB

✓ No malicious code present - purely a vocabulary database

✓ No network requests or data exfiltration

✓ No credential access or harvesting

✓ No obfuscation or encoded commands

✓ No sensitive file access (~/.ssh, .env, etc.)

✓ No remote script execution

✓ No dependencies or external packages

✓ word.txt contains only legitimate vocabulary data