中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:18 hr ago Rescan
20 /100
ai-intelligent-asset-lifecycle
企业资产管理,采购 + 使用 + 报废
Skill contains only documentation (SKILL.md) with no executable code; install instructions use external git clone which cannot be verified.
Skill Nameai-intelligent-asset-lifecycle
Duration30.6s
Enginepi
Safe to install
Verify the external GitHub repository before cloning; pin dependency versions in requirements.txt; declare allowed-tools if code is added.

Findings 2 items

Severity Finding Location
Low
Missing allowed-tools declaration Doc Mismatch
skill.json does not declare any allowed-tools. Asset management would reasonably require filesystem and potentially database access, yet no permissions are declared.
{"name":"ai-intelligent-asset-lifecycle",...}
→ Add allowed-tools section if executable code is expected to be added to this skill.
 skill.json:1
Info
External repository dependency in install instructions Supply Chain
SKILL.md instructs users to 'git clone' from an external GitHub repository (github.com/openclaw-skills/ai-intelligent-asset-lifecycle). The actual code is not bundled with this skill and cannot be verified.
git clone https://github.com/openclaw-skills/ai-intelligent-asset-lifecycle
→ Consider bundling the code within the skill package rather than relying on external git clone. If external clone is necessary, verify the repository integrity.
 SKILL.md:35
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No code present to infer
Network NONE NONE No code present to infer
Shell NONE NONE No code present to infer
Database NONE NONE No code present to infer

File Tree

2 files · 1.2 KB · 58 lines
Markdown 1f · 51L JSON 1f · 7L
├─ 📋 skill.json JSON 7L · 217 B
└─ 📝 SKILL.md Markdown 51L · 990 B

Security Positives

✓ No executable code present - cannot perform malicious actions without implementation
✓ No credential harvesting patterns detected (no code to analyze)
✓ No network exfiltration observed (no code to analyze)
✓ No base64-encoded or obfuscated payloads present