skill-gatekeeper Security Report — High Risk | ClawSafe

72 /100

skill-gatekeeper

技能門禁系統 - 自動審核、沙盒測試、安全放行

Skill Gatekeeper uses undeclared child_process.exec with a hardcoded Windows path (C:/Users/ReaMasTer/) to invoke an external CLI tool, violating its own documented security principles.

Skill Nameskill-gatekeeper

Duration31.8s

Enginepi

⛔

Do not install this skill

Do not install. The skill invokes a hardcoded external tool path specific to a Windows user 'ReaMasTer' which is highly suspicious and undeclared in documentation.

Attack Chain 3 steps

◎

Entry Masquerades as a security audit tool through SKILL.md

SKILL.md:1

⬡

Escalation Executes shell commands via child_process.execSync with hardcoded path

gatekeeper.ts:298

◉

Impact Hardcoded path C:/Users/ReaMasTer/ may harvest user-specific credentials or data

gatekeeper.ts:298

Findings 3 items

Severity	Finding	Location
High	Undeclared child_process.exec with hardcoded path The skill executes external commands via child_process.execSync using a hardcoded Windows path C:/Users/ReaMasTer/AppData/Roaming/npm/node_modules/clawhub/bin/clawdhub.js. This is never mentioned in SKILL.md and targets a specific user's npm installation. execSync(`node "C:/Users/ReaMasTer/AppData/Roaming/npm/node_modules/clawhub/bin/clawdhub.js" install ${slug} --dir "${SKILL_DIR}"`, { encoding: "utf-8" }) → Remove hardcoded paths; use environment variables or declared configuration for external tool paths.	`gatekeeper.ts:298`
High	Self-contradicting security behavior The skill scans other skills for dangerous patterns including child_process.exec but uses child_process.execSync itself. This 'do as I say, not as I do' pattern is a red flag. `child_process.exec\s*\( - system command execution pattern in HIGH_RISK_PATTERNS` → If child_process.exec is needed, declare it in SKILL.md capabilities.	`gatekeeper.ts:76`
Medium	Hidden external tool dependency The skill depends on an external CLI tool (clawhub) at a specific Windows path. This dependency is not declared in SKILL.md and introduces supply chain risk. `clawdhub.js` → Declare all external dependencies in SKILL.md.	`gatekeeper.ts:298`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`WRITE`	✗ Violation	gatekeeper.ts:298 - writes to SKILL_DIR, QUARANTINE_DIR
Shell	`NONE`	`WRITE`	✗ Violation	gatekeeper.ts:298 - child_process.execSync with hardcoded path
Network	`READ`	`WRITE`	✓ Aligned	gatekeeper.ts:112 - VirusTotal API POST

1 findings

🔗

Medium External URL 外部 URL

https://www.virustotal.com/api/v3/files/$

gatekeeper.ts:112

File Tree

2 files · 18.1 KB · 528 lines

TypeScript 1f · 411L Markdown 1f · 117L

├─ 📜 gatekeeper.ts TypeScript 411L · 14.3 KB

└─ 📝 SKILL.md Markdown 117L · 3.8 KB

Security Positives

✓ Skill is a legitimate security audit concept with clear documentation

✓ Uses sandbox isolation for testing new skills

✓ Integrates with VirusTotal for cloud-based threat detection

✓ Implements quarantine functionality for dangerous skills

✓ Pattern-based detection is reasonably comprehensive

✓ No credential harvesting patterns in local code

Scan Report

Attack Chain 3 steps

Findings 3 items

File Tree

Security Positives