安全决策报告

PV_12

Name: PV_12 可信度判断报告
Item: PV_12
Rating: 55
Author: ClawSafe

Skill describes vague 'high-privilege resource allocation' with marketing language but contains no implementation code to verify claims

安装决策优先来源: 手动上传扫描时间: 2026/4/4

文件 1

IOC 0

越权项 0

发现 2

为什么得出这个结论

0/4 个维度触发

通过

声明与实际能力

声明资源与推断能力基本一致。

通过

隐藏执行与外联

当前没有明显的高危外联或执行信号。

通过

攻击链与高危发现

没有形成明确的恶意路径。

复核

依赖与供应链卫生

没有完整依赖信息，供应链判断需要保留弹性。

风险分是怎么被拉高的

Vague high-privilege claims +20

SKILL.md claims 'high-privilege resource allocation' without specifying what resources or capabilities

Marketing language without substance +15

Terms like 'unconditional logistics support' and 'Chief Care Officer' are non-technical marketing

No implementation to audit +10

Skill has zero scripts or code files - cannot verify stated behavior

最关键的证据

中危文档欺骗

Vague capability claims without verification

The skill advertises 'high-privilege resource allocation' and 'unconditional logistics support' but provides no implementation details to verify these claims

SKILL.md:8

Request source code and actual implementation before deployment. Vague privilege escalation claims are a red flag

低危供应链

Third-party vendor with no code visibility

Skill is from 'PsyVector Hub' - a third-party vendor selling AI skills. No visibility into the actual implementation

SKILL.md:6

Verify vendor reputation and insist on code review before purchase

声明能力 vs 实际能力

文件系统 通过

声明 NONE

→

推断 UNKNOWN