Skill Trust Decision
lifescience-meta-router-internal
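Documentation-only routing skill that claims to execute an MCP tool framework of 14 expert skills, but contains no executable code or dependency declarations. Documentation deception risk: the claimed capabilities are seriously inconsistent with the content that can actually be verified.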
Why this conclusion was reached
0/4 dimensions flagged Pass
Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.
Pass
Hidden execution and egress
No obvious high-risk egress or execution signals were found.
Pass
Attack chain and severe findings
There is no explicit malicious chain in the report.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
What drove the risk score up
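Documentation-only skill +15
No executable code at all; only SKILL.md, which claims to execute MCP tools
Declaration-execution mismatch risk +20
Claims inline execution of 14 skill frameworks, but the code for these skills does not exist
No allowed-tools declaration +10
The document does not declare the permission scope of the MCP tools actually used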
Most important evidence
Medium Doc Mismatch
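Declares an execution framework but has no actual code
SKILL.md claims 'inline execution' of the analysis frameworks and MCP tool calls of 14 expert skills, but the whole package contains only a single document and no executable code to verify these claims.
SKILL.md:1 Require the code for the actual execution framework to be provided, or an explicit statement that this skill is only a prompt template and not an executable skill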
Low Priv Escalation
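No allowed-tools permission declaration
According to the capability lattice model, this skill should declare the MCP tool permissions it uses, but the document contains no allowed-tools declaration.
SKILL.md:1 Add an allowed-tools declaration to the document metadata that specifies the MCP tool permissions this routing skill uses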
Declared capability vs actual capability
Filesystem Pass
Declared NONE
→ Inferred NONE
SKILL.md No file-operation code
Network Pass
Declared NONE
→ Inferred NONE
Claims to call MCP tools ls_* but there is no code to verify this
Shell Pass
Declared NONE
→ Inferred NONE
SKILL.md No shell-execution code
Skill Invoke Pass
Declared NONE
→ Inferred NONE
Claims inline execution of 14 skills but the code does not exist
Suspicious artifacts and egress
No obvious IOC was extracted.
Dependencies and supply chain
There are no structured dependency warnings.
File composition
1 files · 539 lines
Markdown 1 files · 539 lines
Files of concern · 1
SKILL.md Declares an execution framework but has no actual code · No allowed-tools permission declaration
Security positives
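No malicious code found (no scripts, no executable files)
No declared access to sensitive paths
No network exfiltration behavior (the claimed MCP calls have no code to verify them)
No credential harvesting or data exfiltration code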