Security Decision Report

skill-gatekeeper

Skill Gatekeeper uses undeclared child_process.exec with a hardcoded Windows path (C:/Users/ReaMasTer/) to invoke an external CLI tool, violating its own documented security principles.

Install decision first · Source: manual upload · Scan time: 2026/4/3
Files 2
IOC 1
Overreach items 2
Findings 3
Most direct threat evidence
01
Masquerades as a security audit tool through SKILL.md
Initial entry · SKILL.md
02
Executes shell commands via child_process.execSync with hardcoded path
Privilege escalation · gatekeeper.ts
03
Hardcoded path C:/Users/ReaMasTer/ may harvest user-specific credentials or data
Final impact · gatekeeper.ts

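Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or overreaching behaviors beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 1 general-risk artifact; it needs to be judged in context.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain, plus 2 high-risk or critical findings.

Review
Dependency and supply chain hygiene

No complete dependency information is available, so the supply chain judgment must remain tentative.

Attack chain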

01
Masquerades as a security audit tool through SKILL.md

Initial entry · SKILL.md:1

02
Executes shell commands via child_process.execSync with hardcoded path

Privilege escalation · gatekeeper.ts:298

03
Hardcoded path C:/Users/ReaMasTer/ may harvest user-specific credentials or data

Final impact · gatekeeper.ts:298

How the risk score was raised

Undeclared shell execution via child_process.exec +30

SKILL.md never declares child_process.exec usage; line 298 executes shell commands

Hardcoded Windows user path +25

C:/Users/ReaMasTer/ - specific user path not declared, potential credential harvesting vector

Self-contradicting security scanner +15

Tool scans other skills for child_process.exec (line 76) but uses it itself

Hidden external tool dependency +10

Depends on external clawhub.js at undeclared path

Key evidence

High

Undeclared child_process.exec with hardcoded path

The skill executes external commands via child_process.execSync using a hardcoded Windows path C:/Users/ReaMasTer/AppData/Roaming/npm/node_modules/clawhub/bin/clawdhub.js. This is never mentioned in SKILL.md and targets a specific user's npm installation.

gatekeeper.ts:298
Remove hardcoded paths; use environment variables or declared configuration for external tool paths.
High

Self-contradicting security behavior

The skill scans other skills for dangerous patterns including child_process.exec but uses child_process.execSync itself. This 'do as I say, not as I do' pattern is a red flag.

gatekeeper.ts:76
If child_process.exec is needed, declare it in SKILL.md capabilities.
Medium

Hidden external tool dependency

The skill depends on an external CLI tool (clawhub) at a specific Windows path. This dependency is not declared in SKILL.md and introduces supply chain risk.

gatekeeper.ts:298
Declare all external dependencies in SKILL.md.

Declared vs. actual capabilities

Filesystem: Block
Declared READ
Inferred WRITE
gatekeeper.ts:298 - writes to SKILL_DIR, QUARANTINE_DIR
Command execution: Block
Declared NONE
Inferred WRITE
gatekeeper.ts:298 - child_process.execSync with hardcoded path
Network access: Pass
Declared READ
Inferred WRITE
gatekeeper.ts:112 - VirusTotal API POST

Suspicious artifacts and outbound connections

Medium · External URL
https://www.virustotal.com/api/v3/files/$

gatekeeper.ts:112

Dependencies and supply chain

No structured dependency alerts.

File composition

2 files · 528 lines
TypeScript: 1 file · 411 lines; Markdown: 1 file · 117 lines
Files needing attention · 1
gatekeeper.ts TypeScript · 411 lines
Undeclared child_process.exec with hardcoded path · Self-contradicting security behavior · Hidden external tool dependency · https://www.virustotal.com/api/v3/files/$
Other files · SKILL.md

Security highlights

Skill is a legitimate security audit concept with clear documentation
Uses sandbox isolation for testing new skills
Integrates with VirusTotal for cloud-based threat detection
Implements quarantine functionality for dangerous skills
Pattern-based detection is reasonably comprehensive
No credential harvesting patterns in local code