Low risk: risk score 20/100
Last scanned: 22 hours ago
conference-abstract-adaptor
Adapt abstracts to meet specific conference word limits and formats
Conference Abstract Adaptor skill performs only declared text-processing functionality with no sensitive resource access, but SKILL.md fails to declare required filesystem permissions in the allowed-tools section.
Skill name: conference-abstract-adaptor
Analysis time: 24.7s
Engine: pi
OK to install
Add allowed-tools declaration to SKILL.md specifying Read (filesystem:READ) and Write (filesystem:WRITE) to match the script's actual resource usage. Complete the security checklist items to document the security posture accurately.

Security findings: 2

Severity | Finding | Location
Low
Missing allowed-tools declaration (documentation deception)
SKILL.md declares risk_level 'Medium' and documents file read/write operations but omits the allowed-tools section entirely. This is a documentation gap — not a security violation in the code itself.
No allowed-tools section present in the SKILL.md metadata
→ Add an allowed-tools section mapping Read→filesystem:READ and Write→filesystem:WRITE to accurately reflect the skill's resource requirements.
SKILL.md:1
Low
Incomplete security checklist (documentation deception)
All 9 security checklist items in SKILL.md are unchecked, leaving the security posture undocumented. While the code does not exhibit the listed risks, the unchecked state could mislead reviewers.
- [ ] No hardcoded credentials or API keys
→ Mark all applicable checklist items as completed to accurately document the security posture, since the code contains no hardcoded credentials, no path traversal, no prompt injection vectors, and uses only stdlib.
SKILL.md:45
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✗ Exceeds declared | scripts/main.py:130 — open(args.abstract) read; scripts/main.py:139 — open(args.…
Network access | NONE | NONE | | No network imports or requests found in scripts/main.py
Command execution | NONE | NONE | | No subprocess, os.system, or shell execution in scripts/main.py
Environment variables | NONE | NONE | | No os.environ access in scripts/main.py
Skill invocation | NONE | NONE | | No skill invocation patterns found
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser access found
Database | NONE | NONE | | No database access found

Directory structure

2 files · 8.4 KB · 256 lines
Python 1f · 146L Markdown 1f · 110L
├─ 📁 scripts
│ └─ 🐍 main.py Python 146L · 5.2 KB
└─ 📝 SKILL.md Markdown 110L · 3.2 KB

Security highlights

✓ No subprocess, os.system, or any shell execution — pure Python with stdlib only
✓ No network requests or external API calls of any kind
✓ No credential harvesting, environment variable iteration, or sensitive file access
✓ No obfuscation (base64, eval, atob) or anti-analysis patterns
✓ No path traversal vulnerabilities — input files read directly via argparse
✓ No hidden functionality — all code paths visible and match stated purpose
✓ No supply chain risk — zero third-party dependencies
✓ Functionality is straightforward text processing (word counting, compression, formatting)