中文 EN

扫描报告

扫描新文件

高风险 — 风险评分 72/100
上次扫描:2 天前 重新扫描
72 /100
skill-gatekeeper
技能門禁系統 - 自動審核、沙盒測試、安全放行
Skill Gatekeeper uses undeclared child_process.exec with a hardcoded Windows path (C:/Users/ReaMasTer/) to invoke an external CLI tool, violating its own documented security principles.
技能名称skill-gatekeeper
分析耗时31.8s
引擎pi
不要安装此技能
Do not install. The skill invokes a hardcoded external tool path specific to a Windows user 'ReaMasTer' which is highly suspicious and undeclared in documentation.

攻击链 3 步

入口 Masquerades as a security audit tool through SKILL.md
SKILL.md:1
提权 Executes shell commands via child_process.execSync with hardcoded path
gatekeeper.ts:298
影响 Hardcoded path C:/Users/ReaMasTer/ may harvest user-specific credentials or data
gatekeeper.ts:298

安全发现 3 项

严重性 安全发现 位置
高危
Undeclared child_process.exec with hardcoded path
The skill executes external commands via child_process.execSync using a hardcoded Windows path C:/Users/ReaMasTer/AppData/Roaming/npm/node_modules/clawhub/bin/clawdhub.js. This is never mentioned in SKILL.md and targets a specific user's npm installation.
execSync(`node "C:/Users/ReaMasTer/AppData/Roaming/npm/node_modules/clawhub/bin/clawdhub.js" install ${slug} --dir "${SKILL_DIR}"`, { encoding: "utf-8" })
→ Remove hardcoded paths; use environment variables or declared configuration for external tool paths.
 gatekeeper.ts:298
高危
Self-contradicting security behavior
The skill scans other skills for dangerous patterns including child_process.exec but uses child_process.execSync itself. This 'do as I say, not as I do' pattern is a red flag.
child_process.exec\s*\( - system command execution pattern in HIGH_RISK_PATTERNS
→ If child_process.exec is needed, declare it in SKILL.md capabilities.
 gatekeeper.ts:76
中危
Hidden external tool dependency
The skill depends on an external CLI tool (clawhub) at a specific Windows path. This dependency is not declared in SKILL.md and introduces supply chain risk.
clawdhub.js
→ Declare all external dependencies in SKILL.md.
 gatekeeper.ts:298
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✗ 越权 gatekeeper.ts:298 - writes to SKILL_DIR, QUARANTINE_DIR
命令执行 NONE WRITE ✗ 越权 gatekeeper.ts:298 - child_process.execSync with hardcoded path
网络访问 READ WRITE ✓ 一致 gatekeeper.ts:112 - VirusTotal API POST
1 项发现
🔗
中危 外部 URL 外部 URL
https://www.virustotal.com/api/v3/files/$
gatekeeper.ts:112

目录结构

2 文件 · 18.1 KB · 528 行
TypeScript 1f · 411L Markdown 1f · 117L
├─ 📜 gatekeeper.ts TypeScript 411L · 14.3 KB
└─ 📝 SKILL.md Markdown 117L · 3.8 KB

安全亮点

✓ Skill is a legitimate security audit concept with clear documentation
✓ Uses sandbox isolation for testing new skills
✓ Integrates with VirusTotal for cloud-based threat detection
✓ Implements quarantine functionality for dangerous skills
✓ Pattern-based detection is reasonably comprehensive
✓ No credential harvesting patterns in local code