扫描报告
5 /100
lua-scripter (declared in SKILL.md) / self-improving-agent (in _meta.json)
Lua development assistant with self-improvement hooks for learning capture
Legitimate Lua development assistant skill with self-improvement hooks. All scripts are readable, no malicious patterns detected, no network/credential access.
可以安装
This skill is safe to use. The minor documentation mismatch (SKILL.md name vs _meta.json name) is non-security-relevant.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | extract-skill.sh creates ./skills/<name>/SKILL.md with path validation |
| 命令执行 | NONE | READ | ✓ 一致 | Scripts use CLAUDE_TOOL_OUTPUT env var for error detection |
| 环境变量 | READ | READ | ✓ 一致 | error-detector.sh reads CLAUDE_TOOL_OUTPUT (documented hook behavior) |
| 网络访问 | NONE | NONE | — | No network calls in any script |
目录结构
16 文件 · 36.8 KB · 1616 行 Markdown 10f · 1197L
Shell 3f · 296L
TypeScript 1f · 62L
JavaScript 1f · 56L
JSON 1f · 5L
├─
▾
.learnings
│ ├─
ERRORS.md
Markdown
│ ├─
FEATURE_REQUESTS.md
Markdown
│ └─
LEARNINGS.md
Markdown
├─
▾
assets
│ ├─
LEARNINGS.md
Markdown
│ └─
SKILL-TEMPLATE.md
Markdown
├─
▾
hooks
│ └─
▾
openclaw
│ ├─
handler.js
JavaScript
│ ├─
handler.ts
TypeScript
│ └─
HOOK.md
Markdown
├─
▾
references
│ ├─
examples.md
Markdown
│ ├─
hooks-setup.md
Markdown
│ └─
openclaw-integration.md
Markdown
├─
▾
scripts
│ ├─
activator.sh
Shell
│ ├─
error-detector.sh
Shell
│ └─
extract-skill.sh
Shell
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No network calls or data exfiltration detected
✓ No credential harvesting or sensitive path access
✓ No base64 encoding or obfuscation
✓ Path validation in extract-skill.sh prevents directory traversal
✓ Shell scripts are simple and readable with clear purpose
✓ No remote script execution (curl|bash, wget|sh)
✓ No supply chain risks - no external dependencies