coffee-debugger Security Report — Trusted | ClawSafe

5 /100

coffee-debugger

开发者咖啡决策引擎。根据工作场景精准推荐最适合的咖啡。

A benign coffee recommendation skill implemented entirely in markdown. No scripts, code, or dependencies. Bash declared in allowed-tools but not visibly used in content.

Skill Namecoffee-debugger

Duration30.3s

Enginepi

✓

Safe to install

Skill is safe to use. The Bash declaration is unnecessary but poses no security risk given no shell execution is present.

Findings 1 items

Severity	Finding	Location
Low	Bash declared but not used Doc Mismatch allowed-tools lists Bash, but no shell commands appear in the skill content. The `!`date +%H:%M`` syntax is a template variable placeholder, not live shell execution. `allowed-tools: Read Bash` → Remove Bash from allowed-tools or document its intended use.	`SKILL.md:3`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	allowed-tools: Read

2 findings

🔗

Medium External URL 外部 URL

https://docs.anthropic.com/en/docs/claude-code

README.md:3

🔗

Medium External URL 外部 URL

https://clawhub.com/maximum2974/coffee-debugger

README.md:13

File Tree

2 files · 6.8 KB · 164 lines

Markdown 2f · 164L

├─ 📝 README.md Markdown 60L · 1.7 KB

└─ 📝 SKILL.md Markdown 104L · 5.1 KB

Security Positives

✓ No executable code or scripts present

✓ No credential access or exfiltration

✓ No network requests or C2 communication

✓ No obfuscation or encoded payloads

✓ Skill content is entirely static markdown decision logic

✓ No supply chain risks (no dependencies)

✓ No sensitive file access

Scan Report

Findings 1 items

File Tree

Security Positives