Low risk (risk score 18/100)
Last scanned: 1 day ago
rubric-gap-analyzer
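Reads grading criteria, assignment requirements, or an evaluation rubric, analyzes the gaps in the current draft, and produces a plan for raising the score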
Legitimate rubric analysis skill with minor documentation gap around shell execution, but no malicious behavior detected.
Skill name: rubric-gap-analyzer
Analysis time: 27.5s
Engine: pi
Can be installed
Add explicit shell:READ declaration in SKILL.md metadata to match actual pbpaste usage.

Security findings: 1

Severity: Low
Finding: Shell execution not explicitly declared (category: documentation deception)
SKILL.md metadata declares requires.bins=['node','pbpaste'] but does not explicitly declare shell:WRITE in capability mapping. The execSync call in scripts/read_clipboard.mjs uses shell execution.
return execSync('pbpaste', { encoding: 'utf8' }).trim();
→ Add shell:READ or shell:WRITE to the skill's declared capabilities in _meta.json or SKILL.md metadata if that's the mechanism used for permission mapping.
Location: scripts/read_clipboard.mjs:9
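| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | NONE | NONE | | No file operations in read_clipboard.mjs |
| Network access | NONE | NONE | | No network requests found |
| Command execution | NONE | WRITE | ✓ Consistent | scripts/read_clipboard.mjs:9 - execSync('pbpaste') |
| Environment variables | NONE | NONE | | No environment variable access |
| Clipboard | READ | READ | ✓ Consistent | scripts/read_clipboard.mjs:9 - pbpaste reads clipboard |
| Browser | NONE | NONE | | No browser access |
| Database | NONE | NONE | | No database access |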

Directory structure

4 files · 1.8 KB · 88 lines
Markdown 3f · 69L JavaScript 1f · 19L
├─ 📁 scripts
│ └─ 📜 read_clipboard.mjs JavaScript 19L · 445 B
├─ 📝 CHANGELOG.md Markdown 5L · 102 B
├─ 📝 README.md Markdown 26L · 362 B
└─ 📝 SKILL.md Markdown 38L · 929 B

Security highlights

✓ Clear, readable code with no obfuscation
✓ No credential access or harvesting
✓ No data exfiltration - clipboard content processed locally
✓ macOS-specific tool requirement (pbpaste) is appropriate for stated purpose
✓ No external network requests or dependencies
✓ Functionality is accurately described in SKILL.md