Low risk (risk score 20/100)
Last scanned: 19 hours ago
ai-intelligent-asset-lifecycle
Enterprise asset management: procurement + use + disposal
Skill contains only documentation (SKILL.md) with no executable code; install instructions use external git clone which cannot be verified.
Skill name: ai-intelligent-asset-lifecycle
Analysis time: 30.6s
Engine: pi
OK to install
Verify the external GitHub repository before cloning; pin dependency versions in requirements.txt; declare allowed-tools if code is added.

Security findings: 2

Severity: Low
Finding: Missing allowed-tools declaration (category: Documentation deception)
skill.json does not declare any allowed-tools. Asset management would reasonably require filesystem and potentially database access, yet no permissions are declared.
{"name":"ai-intelligent-asset-lifecycle",...}
→ Add allowed-tools section if executable code is expected to be added to this skill.
Location: skill.json:1

Severity: Info
Finding: External repository dependency in install instructions (category: Supply chain)
SKILL.md instructs users to 'git clone' from an external GitHub repository (github.com/openclaw-skills/ai-intelligent-asset-lifecycle). The actual code is not bundled with this skill and cannot be verified.
git clone https://github.com/openclaw-skills/ai-intelligent-asset-lifecycle
→ Consider bundling the code within the skill package rather than relying on external git clone. If external clone is necessary, verify the repository integrity.
Location: SKILL.md:35
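| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | NONE | NONE | | No code present to infer |
| Network access | NONE | NONE | | No code present to infer |
| Command execution | NONE | NONE | | No code present to infer |
| Database | NONE | NONE | | No code present to infer |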

Directory structure

2 files · 1.2 KB · 58 lines
Markdown 1f · 51L JSON 1f · 7L
├─ 📋 skill.json JSON 7L · 217 B
└─ 📝 SKILL.md Markdown 51L · 990 B

Security highlights

✓ No executable code present - cannot perform malicious actions without implementation
✓ No credential harvesting patterns detected (no code to analyze)
✓ No network exfiltration observed (no code to analyze)
✓ No base64-encoded or obfuscated payloads present