中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 5/100
Last scan:19 hr ago Rescan
5 /100
zhua-economy
爪爪自主经济系统 —— 技能变现、任务定价、收益分配、经济自治
A minimal skeleton skill with placeholder documentation and one benign example script. No malicious behavior detected; no sensitive operations performed.
Skill Namezhua-economy
Duration28.8s
Enginepi
Safe to install
This skill is essentially empty (stub documentation). No security concerns, but it also provides no functional value. Verify actual implementation scripts exist before deployment.

Findings 1 items

Severity Finding Location
Low
Documentation references non-existent scripts Doc Mismatch
SKILL.md references scripts (record_transaction.py, calculate_revenue.py, distribute_revenue.py, generate_report.py) that are not present in the scripts/ directory. Only example.py exists.
python3 scripts/record_transaction.py --type <类型> --amount <金额> --desc <描述>
→ Either implement the referenced scripts or remove references from documentation
 SKILL.md:59
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No scripts present to infer filesystem access
Network NONE NONE No network calls in example.py
Shell NONE NONE No subprocess or shell commands in example.py
Environment NONE NONE No os.environ access in example.py

File Tree

4 files · 4.4 KB · 154 lines
Markdown 2f · 111L Text 1f · 24L Python 1f · 19L
├─ 📁 assets
│ └─ 📄 example_asset.txt Text 24L · 865 B
├─ 📁 references
│ └─ 📝 api_reference.md Markdown 34L · 963 B
├─ 📁 scripts
│ └─ 🐍 example.py Python 19L · 583 B
└─ 📝 SKILL.md Markdown 77L · 2.0 KB

Security Positives

✓ No shell execution detected
✓ No credential harvesting or environment variable access
✓ No network requests or data exfiltration
✓ No obfuscation techniques (base64, eval, etc.)
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No malicious dependencies
✓ example.py is a simple, readable placeholder with no dangerous operations