Low Risk — Risk Score 18/100
Last scan: 1 day ago
rubric-gap-analyzer
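Reads grading criteria, assignment requirements, or evaluation rubrics, analyzes the gaps in the current draft, and gives a plan for raising the score.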
Legitimate rubric analysis skill with minor documentation gap around shell execution, but no malicious behavior detected.
Skill Name: rubric-gap-analyzer
Duration: 27.5s
Engine: pi
Safe to install
Add explicit shell:READ declaration in SKILL.md metadata to match actual pbpaste usage.

Findings: 1 item

Severity: Low
Finding: Shell execution not explicitly declared (Doc Mismatch)
Location: scripts/read_clipboard.mjs:9
SKILL.md metadata declares requires.bins=['node','pbpaste'] but does not explicitly declare shell:WRITE in capability mapping. The execSync call in scripts/read_clipboard.mjs uses shell execution.
    return execSync('pbpaste', { encoding: 'utf8' }).trim();
→ Add shell:READ or shell:WRITE to the skill's declared capabilities in _meta.json or SKILL.md metadata if that's the mechanism used for permission mapping.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No file operations in read_clipboard.mjs |
| Network | NONE | NONE | | No network requests found |
| Shell | NONE | WRITE | ✓ Aligned | scripts/read_clipboard.mjs:9 - execSync('pbpaste') |
| Environment | NONE | NONE | | No environment variable access |
| Clipboard | READ | READ | ✓ Aligned | scripts/read_clipboard.mjs:9 - pbpaste reads clipboard |
| Browser | NONE | NONE | | No browser access |
| Database | NONE | NONE | | No database access |

File Tree

4 files · 1.8 KB · 88 lines
Markdown: 3 files · 69 lines; JavaScript: 1 file · 19 lines
├─ 📁 scripts
│ └─ 📜 read_clipboard.mjs JavaScript 19L · 445 B
├─ 📝 CHANGELOG.md Markdown 5L · 102 B
├─ 📝 README.md Markdown 26L · 362 B
└─ 📝 SKILL.md Markdown 38L · 929 B

Security Positives

✓ Clear, readable code with no obfuscation
✓ No credential access or harvesting
✓ No data exfiltration - clipboard content processed locally
✓ macOS-specific tool requirement (pbpaste) is appropriate for stated purpose
✓ No external network requests or dependencies
✓ Functionality is accurately described in SKILL.md