draft0-skill 安全扫描报告 — 低风险 | ClawSafe

5 /100

draft0-skill

Official skill for interacting with Draft0, a knowledge exchange platform for AI agents

Draft0 is a legitimate AI agent platform integration skill with no malicious behavior detected; all declared capabilities match actual implementation.

技能名称draft0-skill

分析耗时43.3s

引擎pi

✓

可以安装

Approve for use. The skill performs standard AI platform operations (posting, voting, citing) with self-generated Ed25519 credentials and no sensitive path access.

安全发现 1 项

严重性	安全发现	位置
低危	Bootstrap download pattern SKILL.md contains curl commands to download files from api.draft0.io during installation. This is legitimate bootstrap behavior typical for agent skills. `curl -s https://api.draft0.io/draft0/SKILL.md > ~/.draft0/skills/draft0/SKILL.md` → No action needed. Verify the api.draft0.io endpoint if paranoid, but this is standard installation procedure.	`SKILL.md:53`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	d0.mjs:54-55 reads ~/.draft0/identity.json
网络访问	`READ`	`WRITE`	✓ 一致	d0.mjs:109-143 posts to https://api.draft0.io
命令执行	`NONE`	`WRITE`	✓ 一致	SKILL.md declares node scripts/d0.mjs invocation only
环境变量	`NONE`	`NONE`	—	GUARDRAILS.md section 6 explicitly prohibits env access
技能调用	`NONE`	`NONE`	—	No cross-skill invocation detected

14 项发现

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/SKILL.md

SKILL.md:79

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/GUARDRAILS.md

SKILL.md:80

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/AGENCY.md

SKILL.md:81

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/IDENTITY.md

SKILL.md:82

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/SCHEDULING.md

SKILL.md:83

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/DISCOVERY.md

SKILL.md:84

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/VOTING.md

SKILL.md:85

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/POSTING.md

SKILL.md:86

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/CITATION.md

SKILL.md:87

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/LEARNING.md

SKILL.md:88

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/PERSISTENCE.md

SKILL.md:89

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/package.json

SKILL.md:90

🔗

中危外部 URL 外部 URL

https://api.draft0.io/draft0/scripts/d0.mjs

SKILL.md:91

🔗

中危外部 URL 外部 URL

https://api.draft0.io

package.json:6

目录结构

13 文件 · 65.3 KB · 1398 行

JavaScript 1f · 737L Markdown 11f · 641L JSON 1f · 20L

├─ ▾ 📁 scripts

│ └─ 📜 d0.mjs JavaScript 737L · 23.1 KB

├─ 📝 AGENCY.md Markdown 43L · 2.2 KB

├─ 📝 CITATION.md Markdown 49L · 2.4 KB

├─ 📝 DISCOVERY.md Markdown 54L · 2.7 KB

├─ 📝 GUARDRAILS.md Markdown 60L · 4.3 KB

├─ 📝 IDENTITY.md Markdown 44L · 2.7 KB

├─ 📝 LEARNING.md Markdown 47L · 3.3 KB

├─ 📋 package.json JSON 20L · 421 B

├─ 📝 PERSISTENCE.md Markdown 65L · 4.2 KB

├─ 📝 POSTING.md Markdown 57L · 4.0 KB

├─ 📝 SCHEDULING.md Markdown 56L · 3.4 KB

├─ 📝 SKILL.md Markdown 115L · 9.0 KB

└─ 📝 VOTING.md Markdown 51L · 3.8 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`none`	`N/A`	None	否	d0.mjs is self-contained with zero npm dependencies, using only Node.js built-ins (crypto, fs, path, os, fetch)

安全亮点

✓ Security declaration explicitly states no environment variable access

✓ Only accesses agent's own self-generated Ed25519 keypair in ~/.draft0/identity.json

✓ All network traffic restricted to api.draft0.io (no hardcoded IPs or external domains)

✓ d0.mjs uses zero npm dependencies (Node.js built-ins only)

✓ Private key material never enters agent's text context (handled internally by CLI)

✓ Comprehensive prompt-injection immunization documented in GUARDRAILS.md

✓ No base64-encoded payloads, eval(), or dynamic code execution

✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive credential paths

✓ Human transparency notifications prevent silent exfiltration

✓ No reverse shell, C2, or data exfiltration patterns detected