Low risk — Risk score 15/100
Last scanned: 2 days ago
Security Scanner
Scans AI agent skills for security vulnerabilities, dangerous code patterns, and undeclared permissions via Claw0x Gateway API
This is a thin, legitimate API wrapper skill that calls an external Claw0x Gateway API for security scanning. No local code analysis, shell execution, filesystem access, or credential exfiltration occurs. The sole finding is a missing allowed-tools declaration in SKILL.md frontmatter, which is a documentation gap rather than a security violation.
Skill name: Security Scanner
Analysis time: 46.0s
Engine: pi
Can be installed
Add a complete allowed-tools declaration to SKILL.md frontmatter (e.g., Read for filesystem:READ, WebFetch for network:READ, and env access for environment:READ) to align documentation with the inferred capability footprint. No blocking action needed.

Security findings: 3

Severity  Finding  Location
Low
Missing allowed-tools declaration in SKILL.md frontmatter
The SKILL.md YAML frontmatter lacks an allowed-tools field. While the handler.ts implementation is benign (only env:READ and network:READ are used), the absence of this declaration is a documentation gap. Users and agents cannot verify the actual permission footprint from the metadata alone.
---
name: Security Scanner
description: >
  Scan AI agent skills for security vulnerabilities...
metadata:
  requires:
    env:
      - CLAW0X_API_KEY
---
→ Add an allowed-tools declaration to the frontmatter, e.g.: allowed-tools: Read: filesystem:READ WebFetch: network:READ env: environment:READ
SKILL.md:1
Info
IOC flagged 'rm -rf /' is a benign documentation example
The pre-scan IOC flagged the string 'rm -rf /' at SKILL.md line 452. This is a text example in documentation showing what the Claw0x security scanning API would detect as a dangerous pattern. It is not executed code, poses no security risk, and is correctly used as a teaching example.
"code": "import os\nos.system('rm -rf /')",
→ No action needed. The IOC is a false positive from the pre-scan treating all text matches equally.
SKILL.md:452
Info
External URLs used for API and branding
The skill references claw0x.com URLs for the external API endpoint, signup, and documentation. These are declared in documentation and used for the intended API-based service. No unexpected or direct-IP network connections are present.
curl -X POST https://api.claw0x.com/v1/call
→ No action needed. This is the intended service architecture.
SKILL.md:45
Resource type  Declared permission  Inferred permission  Status  Evidence
Filesystem NONE NONE No filesystem access found in handler.ts or SKILL.md
Network access NONE READ ✓ Consistent handler.ts:64 - fetch('https://api.claw0x.com/v1/call', ...)
Command execution NONE NONE No shell execution found
Environment variables READ READ ✓ Consistent SKILL.md frontmatter declares requires.env: [CLAW0X_API_KEY]; handler.ts:51 uses…
Skill invocation NONE NONE No skill invocation found
Clipboard NONE NONE No clipboard access found
Browser NONE NONE No browser automation found
Database NONE NONE No database access found
1 critical, 5 findings
💀
Critical  Dangerous command  Dangerous shell command
rm -rf /
SKILL.md:452
🔗
Medium  External URL  External URL
https://claw0x.com
SKILL.md:17
🔗
Medium  External URL  External URL
https://api.claw0x.com/v1/call
SKILL.md:45
🔗
Medium  External URL  External URL
https://claw0x.com/skills
SKILL.md:696
🔗
Medium  External URL  External URL
https://claw0x.com\n
handler.ts:78

Directory structure

2 files · 25.0 KB · 818 lines
Markdown 1f · 698L TypeScript 1f · 120L
├─ 📜 handler.ts TypeScript 120L · 3.0 KB
└─ 📝 SKILL.md Markdown 698L · 22.0 KB

Security highlights

✓ No shell execution or subprocess calls anywhere in the codebase
✓ No filesystem read/write operations — the handler is purely an HTTP client
✓ No credential harvesting or exfiltration — only reads the single required API key
✓ No base64 encoding/decoding, eval, or dynamic code execution patterns
✓ No access to sensitive paths such as ~/.ssh, ~/.aws, or .env
✓ No curl|bash or wget|sh remote script installation patterns
✓ No hidden HTML comments or steganographic payloads
✓ Input validation enforces mutually exclusive input modes (repo_url, skill_slug, code)
✓ API key is read from environment variables only, not hardcoded
✓ All code paths are straightforward and auditable