中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 45/100
Last scan:22 hr ago Rescan
45 /100
ai-enterprise-knowledge-base
企业 AI 知识库 - 5分钟搭建企业内部问答系统,支持文档上传、智能检索、权限管理
This skill lacks any executable implementation — package.json declares index.js as the entry point but no such file exists, and no scripts are present despite the skill describing a full enterprise knowledge base system.
Skill Nameai-enterprise-knowledge-base
Duration52.0s
Enginepi
Use with caution
Do not install. The skill advertises extensive capabilities (document upload, vector search, LDAP auth, channel integrations) but provides zero implementation. This is either a stub/placeholder or the actual payload executes from the remote git clone URL (openclaw/openclaw), which cannot be audited. Request the full source code before any deployment.

Attack Chain 4 steps

Entry Skill presents as legitimate enterprise knowledge base with comprehensive documentation and branding
SKILL.md:1
Escalation Actual code is never bundled — package.json references non-existent index.js
package.json:3
Escalation SKILL.md instructs user to git clone openclaw/openclaw from GitHub at installation time, loading unaudited code
SKILL.md:20
Impact Unknown code executes in the user's environment — capabilities (filesystem, network, credentials) are entirely unconstrained and unauditable
N/A

Findings 4 items

Severity Finding Location
Medium
No executable implementation present Doc Mismatch
package.json declares 'index.js' as the main entry point but no such file exists in the skill package. The skill consists entirely of marketing documentation with no auditable code.
"main": "index.js"
→ Reject this skill until full source code is provided for security review. A skill that cannot execute any code has no verifiable security posture.
 package.json:3
High
Remote code execution via git clone Supply Chain
SKILL.md instructs users to run 'git clone https://github.com/openclaw/openclaw.git && cd openclaw && npm install'. This fetches the entire codebase from an external, unaudited repository at installation time, bypassing all local code review.
git clone https://github.com/openclaw/openclaw.git
→ Block any skill that instructs users to clone and execute code from external repositories. All code must be bundled within the skill package for offline review.
 SKILL.md:20
Medium
Feature claims unsupported by implementation Doc Mismatch
SKILL.md advertises LDAP/OAuth/SAML authentication, multi-channel integrations (Feishu/WeChat/DingTalk/Slack), vector database support, and knowledge graph extraction — yet no code exists to verify any of these claims.
Full SKILL.md describes enterprise features with no corresponding implementation
→ Any skill claiming sensitive capabilities (auth, integrations, credential handling) must include verifiable source code.
 SKILL.md:1
Low
External support contact for unaudited entity Doc Mismatch
Support email ([email protected]) and Telegram (@openclaw_service) reference an external organization not represented in the skill package itself.
[email protected], @openclaw_service
→ Verify the legitimacy of external contacts before engaging support. Do not share credentials or sensitive data with unverified contacts.
 SKILL.md:99
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No implementation files present — capabilities cannot be determined
Network NONE NONE SKILL.md references localhost:3000 API endpoints and external LLM providers (dee…
Shell NONE NONE No shell scripts found; however, SKILL.md instructs git clone from github.com/op…
Environment NONE NONE No code present to audit environment access
Skill Invoke NONE NONE No skill invocation code found
Clipboard NONE NONE No code present
Browser NONE NONE No code present
Database NONE NONE SKILL.md describes vector DB integration (milvus/pinecone) but no database code …
1 findings
📧
Info Email 邮箱地址
[email protected]
SKILL.md:99

File Tree

2 files · 2.6 KB · 122 lines
Markdown 1f · 104L JSON 1f · 18L
├─ 📋 package.json JSON 18L · 429 B
└─ 📝 SKILL.md Markdown 104L · 2.2 KB

Security Positives

✓ No hard-coded credentials, API keys, or tokens found in the skill package
✓ No base64-encoded payloads, eval() calls, or obfuscated code patterns observed
✓ No direct network requests to suspicious IPs or C2 infrastructure found
✓ No subprocess/shell execution code present in the local skill files
✓ No sensitive file access patterns detected (no ~/.ssh, ~/.aws, .env access in local code)
✓ No cron jobs, startup scripts, or persistence mechanisms found