扫描报告
5 /100
automatic-skill
Automatic Skill — 每日自动调研、设计、制作、测试并发布新 Skill 的元技能流水线
This is a legitimate meta-skill pipeline orchestrator with no malicious behavior. All scripts are pure prompt-generators that output text instructions for agents; they perform no dangerous operations themselves. Credential access (GITHUB_TOKEN, CLAWHUB_TOKEN) is fully declared in SKILL.md metadata and used solely for their stated purpose (GitHub commit/push and clawHub API publish). No hidden functionality, credential harvesting, or data exfiltration was found.
可以安装
This skill is safe to use. The declared environment variables (GITHUB_TOKEN, CLAWHUB_TOKEN) are necessary and appropriate for its publish-to-GitHub-and-clawHub purpose. No action required.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | SKILL.md lists 9 stages but pipeline.js implements 10 文档欺骗 | SKILL.md:38-46 vs scripts/pipeline.js:52:38 |
| 低危 | SKILL.md documentation table has wrong stage numbers 文档欺骗 | SKILL.md:38-46 vs scripts/pipeline.js:52:38 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | Scripts read from data/ JSON files and write pipeline state — all documented in … |
| 网络访问 | READ | READ | ✓ 一致 | upload.js:90 — curl to api.clawhub.io; verify-upload.js:73 — GET api.clawhub.io.… |
| 命令执行 | NONE | NONE | — | No direct shell:WRITE found. Scripts output prompts instructing agents to run gi… |
| 环境变量 | READ | READ | ✓ 一致 | GITHUB_TOKEN, GITHUB_REPO, CLAWHUB_TOKEN read and used solely for their document… |
| 技能调用 | NONE | NONE | — | No skill-to-skill invocation. |
| 剪贴板 | NONE | NONE | — | No clipboard access. |
| 浏览器 | NONE | NONE | — | No browser access. |
| 数据库 | NONE | NONE | — | No database access. |
2 项发现
中危 外部 URL 外部 URL
https://api.clawhub.io/v1/skills/publish scripts/upload.js:90 中危 外部 URL 外部 URL
https://api.clawhub.io/v1/skills/$ scripts/verify-upload.js:73 目录结构
19 文件 · 89.5 KB · 2381 行 JavaScript 14f · 2121L
Markdown 1f · 174L
JSON 4f · 86L
├─
▾
data
│ ├─
current-pipeline.json
JSON
│ └─
pipeline-log.json
JSON
├─
▾
scripts
│ ├─
create.js
JavaScript
│ ├─
daily-pipeline.js
JavaScript
│ ├─
design.js
JavaScript
│ ├─
final-review.js
JavaScript
│ ├─
pipeline.js
JavaScript
│ ├─
push-toggle.js
JavaScript
│ ├─
research.js
JavaScript
│ ├─
review.js
JavaScript
│ ├─
self-check.js
JavaScript
│ ├─
self-run.js
JavaScript
│ ├─
seo.js
JavaScript
│ ├─
status.js
JavaScript
│ ├─
upload.js
JavaScript
│ └─
verify-upload.js
JavaScript
├─
_meta.json
JSON
├─
package.json
JSON
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
(none) | N/A | npm | 否 | package.json has no external dependencies — all scripts use only Node.js built-in modules (fs, path) |
安全亮点
✓ No base64-encoded execution, eval(), or Function() with user-controlled strings
✓ No credential harvesting or exfiltration — tokens used only for declared publish purpose
✓ No reverse shell, C2 communication, or hidden network exfiltration
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, /etc/passwd)
✓ No obfuscation techniques (base64 piping, atob, etc.)
✓ No supply chain risks — package.json has no external dependencies
✓ Security checklist is included in review.js and enforces: no hardcoded API keys, input validation, no eval()
✓ Dry-run mode skips all network operations — safe for testing
✓ Lock file prevents duplicate pipeline runs
✓ Pipeline state is stored locally in data/ JSON files, not transmitted externally