coffee-debugger 安全扫描报告 — 可信 | ClawSafe

5 /100

coffee-debugger

开发者咖啡决策引擎。根据工作场景精准推荐最适合的咖啡。

A benign coffee recommendation skill implemented entirely in markdown. No scripts, code, or dependencies. Bash declared in allowed-tools but not visibly used in content.

技能名称coffee-debugger

分析耗时30.3s

引擎pi

✓

可以安装

Skill is safe to use. The Bash declaration is unnecessary but poses no security risk given no shell execution is present.

安全发现 1 项

严重性	安全发现	位置
低危	Bash declared but not used 文档欺骗 allowed-tools lists Bash, but no shell commands appear in the skill content. The `!`date +%H:%M`` syntax is a template variable placeholder, not live shell execution. `allowed-tools: Read Bash` → Remove Bash from allowed-tools or document its intended use.	`SKILL.md:3`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	allowed-tools: Read

2 项发现

🔗

中危外部 URL 外部 URL

https://docs.anthropic.com/en/docs/claude-code

README.md:3

🔗

中危外部 URL 外部 URL

https://clawhub.com/maximum2974/coffee-debugger

README.md:13

目录结构

2 文件 · 6.8 KB · 164 行

Markdown 2f · 164L

├─ 📝 README.md Markdown 60L · 1.7 KB

└─ 📝 SKILL.md Markdown 104L · 5.1 KB

安全亮点

✓ No executable code or scripts present

✓ No credential access or exfiltration

✓ No network requests or C2 communication

✓ No obfuscation or encoded payloads

✓ Skill content is entirely static markdown decision logic

✓ No supply chain risks (no dependencies)

✓ No sensitive file access