中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
nephesh-studio
完整智能团队协作架构,10个专业岗位分工协作,CEO全程调度,通过文件知识库持续成长。处理大型复杂任务,隔离执行不打扰,稳定交付高质量结果。
Nephesh Studio is a purely documentation-driven AI team collaboration skill with no executable code, all declared capabilities being filesystem operations for project management and subagent spawning for workflow coordination.
Skill Namenephesh-studio
Duration45.8s
Enginepi
Safe to install
Approve for use. The skill is a legitimate workflow orchestration system with well-documented markdown files and no executable scripts.

Findings 3 items

Severity Finding Location
Low
Documentation-only skill
All 29 files totaling 119.5KB are markdown documentation. No executable code, scripts, or binary files present.
--- name: nephesh-studio
→ No action needed. This is a documentation-driven workflow skill.
 SKILL.md:1
Info
Cron command reference in documentation
SKILL.md contains example 'openclaw cron add' commands as configuration reference. These are documentation only, not executed code.
openclaw cron add --name "Nephesh Studio Daily Check"
→ No action needed. Commands are documented as configuration reference for users to execute manually if desired.
 SKILL.md:85
Info
Subagent spawning is clearly declared
The skill declares and documents its use of subagent spawning with explicit parameters (runtime: subagent, mode: run, cleanup: delete).
runtime: subagent, mode: run, thread: false, cleanup: delete
→ No action needed. This is legitimate OpenClaw functionality used for workflow orchestration.
 SKILL.md:143
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md declares project directory creation and file writing
Skill Invoke WRITE WRITE ✓ Aligned SKILL.md: subagent spawning with run/cleanup/delete parameters
Shell NONE NONE No shell execution in code; cron command is documentation only
Network NONE NONE No network requests made by the skill itself
Environment NONE NONE No environment variable access patterns found
Clipboard NONE NONE No clipboard access patterns found
Browser NONE NONE No browser automation patterns found
Database NONE NONE No direct database access patterns found

File Tree

29 files · 119.5 KB · 3011 lines
Markdown 29f · 3011L
├─ 📁 hr
│ ├─ 📝 performance.md Markdown 20L · 531 B
│ └─ 📝 README.md Markdown 29L · 975 B
├─ 📁 learning
│ ├─ 📝 ceo.md Markdown 25L · 1.1 KB
│ ├─ 📝 content-editor.md Markdown 23L · 964 B
│ ├─ 📝 data-analyst.md Markdown 25L · 1.1 KB
│ ├─ 📝 data-collector.md Markdown 25L · 1.1 KB
│ ├─ 📝 hr-manager.md Markdown 24L · 1.0 KB
│ ├─ 📝 project-manager.md Markdown 26L · 1.4 KB
│ ├─ 📝 qa-auditor.md Markdown 26L · 1.3 KB
│ ├─ 📝 senior-backend.md Markdown 25L · 1013 B
│ ├─ 📝 senior-frontend.md Markdown 27L · 1.3 KB
│ └─ 📝 task-planner.md Markdown 27L · 1.4 KB
├─ 📁 projects
│ └─ 📝 README.md Markdown 20L · 638 B
├─ 📁 roles
│ ├─ 📝 ceo.md Markdown 292L · 7.7 KB
│ ├─ 📝 content-editor.md Markdown 269L · 7.9 KB
│ ├─ 📝 data-analyst.md Markdown 136L · 5.7 KB
│ ├─ 📝 data-collector.md Markdown 138L · 5.8 KB
│ ├─ 📝 hr-manager.md Markdown 145L · 5.8 KB
│ ├─ 📝 project-manager.md Markdown 167L · 7.2 KB
│ ├─ 📝 qa-auditor.md Markdown 154L · 6.6 KB
│ ├─ 📝 senior-backend.md Markdown 146L · 5.7 KB
│ ├─ 📝 senior-frontend.md Markdown 146L · 5.9 KB
│ └─ 📝 task-planner.md Markdown 154L · 7.1 KB
├─ 📝 AGENCY.md Markdown 96L · 5.9 KB
├─ 📝 daily-checklist.md Markdown 157L · 6.4 KB
├─ 📝 RULES.md Markdown 137L · 5.7 KB
├─ 📝 SKILL.md Markdown 220L · 10.4 KB
├─ 📝 TEAM-ROSTER.md Markdown 22L · 1.4 KB
└─ 📝 workflow.md Markdown 310L · 10.5 KB

Security Positives

✓ All 29 files are markdown documentation - no executable code or scripts
✓ All capabilities (filesystem writes, subagent spawning) are clearly declared in SKILL.md
✓ No network exfiltration or credential harvesting patterns detected
✓ No shell execution, base64 encoding, or eval() patterns found
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) detected
✓ Clear workflow documentation with no hidden instructions
✓ Well-structured team collaboration system focused on legitimate project management