中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
nephesh-studio
完整智能团队协作架构,10个专业岗位分工协作,CEO全程调度,通过文件知识库持续成长。处理大型复杂任务,隔离执行不打扰,稳定交付高质量结果。
Nephesh Studio is a purely documentation-driven AI team collaboration skill with no executable code, all declared capabilities being filesystem operations for project management and subagent spawning for workflow coordination.
技能名称nephesh-studio
分析耗时45.8s
引擎pi
可以安装
Approve for use. The skill is a legitimate workflow orchestration system with well-documented markdown files and no executable scripts.

安全发现 3 项

严重性 安全发现 位置
低危
Documentation-only skill
All 29 files totaling 119.5KB are markdown documentation. No executable code, scripts, or binary files present.
--- name: nephesh-studio
→ No action needed. This is a documentation-driven workflow skill.
 SKILL.md:1
提示
Cron command reference in documentation
SKILL.md contains example 'openclaw cron add' commands as configuration reference. These are documentation only, not executed code.
openclaw cron add --name "Nephesh Studio Daily Check"
→ No action needed. Commands are documented as configuration reference for users to execute manually if desired.
 SKILL.md:85
提示
Subagent spawning is clearly declared
The skill declares and documents its use of subagent spawning with explicit parameters (runtime: subagent, mode: run, cleanup: delete).
runtime: subagent, mode: run, thread: false, cleanup: delete
→ No action needed. This is legitimate OpenClaw functionality used for workflow orchestration.
 SKILL.md:143
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md declares project directory creation and file writing
技能调用 WRITE WRITE ✓ 一致 SKILL.md: subagent spawning with run/cleanup/delete parameters
命令执行 NONE NONE No shell execution in code; cron command is documentation only
网络访问 NONE NONE No network requests made by the skill itself
环境变量 NONE NONE No environment variable access patterns found
剪贴板 NONE NONE No clipboard access patterns found
浏览器 NONE NONE No browser automation patterns found
数据库 NONE NONE No direct database access patterns found

目录结构

29 文件 · 119.5 KB · 3011 行
Markdown 29f · 3011L
├─ 📁 hr
│ ├─ 📝 performance.md Markdown 20L · 531 B
│ └─ 📝 README.md Markdown 29L · 975 B
├─ 📁 learning
│ ├─ 📝 ceo.md Markdown 25L · 1.1 KB
│ ├─ 📝 content-editor.md Markdown 23L · 964 B
│ ├─ 📝 data-analyst.md Markdown 25L · 1.1 KB
│ ├─ 📝 data-collector.md Markdown 25L · 1.1 KB
│ ├─ 📝 hr-manager.md Markdown 24L · 1.0 KB
│ ├─ 📝 project-manager.md Markdown 26L · 1.4 KB
│ ├─ 📝 qa-auditor.md Markdown 26L · 1.3 KB
│ ├─ 📝 senior-backend.md Markdown 25L · 1013 B
│ ├─ 📝 senior-frontend.md Markdown 27L · 1.3 KB
│ └─ 📝 task-planner.md Markdown 27L · 1.4 KB
├─ 📁 projects
│ └─ 📝 README.md Markdown 20L · 638 B
├─ 📁 roles
│ ├─ 📝 ceo.md Markdown 292L · 7.7 KB
│ ├─ 📝 content-editor.md Markdown 269L · 7.9 KB
│ ├─ 📝 data-analyst.md Markdown 136L · 5.7 KB
│ ├─ 📝 data-collector.md Markdown 138L · 5.8 KB
│ ├─ 📝 hr-manager.md Markdown 145L · 5.8 KB
│ ├─ 📝 project-manager.md Markdown 167L · 7.2 KB
│ ├─ 📝 qa-auditor.md Markdown 154L · 6.6 KB
│ ├─ 📝 senior-backend.md Markdown 146L · 5.7 KB
│ ├─ 📝 senior-frontend.md Markdown 146L · 5.9 KB
│ └─ 📝 task-planner.md Markdown 154L · 7.1 KB
├─ 📝 AGENCY.md Markdown 96L · 5.9 KB
├─ 📝 daily-checklist.md Markdown 157L · 6.4 KB
├─ 📝 RULES.md Markdown 137L · 5.7 KB
├─ 📝 SKILL.md Markdown 220L · 10.4 KB
├─ 📝 TEAM-ROSTER.md Markdown 22L · 1.4 KB
└─ 📝 workflow.md Markdown 310L · 10.5 KB

安全亮点

✓ All 29 files are markdown documentation - no executable code or scripts
✓ All capabilities (filesystem writes, subagent spawning) are clearly declared in SKILL.md
✓ No network exfiltration or credential harvesting patterns detected
✓ No shell execution, base64 encoding, or eval() patterns found
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) detected
✓ Clear workflow documentation with no hidden instructions
✓ Well-structured team collaboration system focused on legitimate project management