zhua-economy 安全扫描报告 — 低风险 | ClawSafe

5 /100

zhua-economy

爪爪自主经济系统 —— 技能变现、任务定价、收益分配、经济自治

A minimal skeleton skill with placeholder documentation and one benign example script. No malicious behavior detected; no sensitive operations performed.

技能名称zhua-economy

分析耗时28.8s

引擎pi

✓

可以安装

This skill is essentially empty (stub documentation). No security concerns, but it also provides no functional value. Verify actual implementation scripts exist before deployment.

安全发现 1 项

严重性	安全发现	位置
低危	Documentation references non-existent scripts 文档欺骗 SKILL.md references scripts (record_transaction.py, calculate_revenue.py, distribute_revenue.py, generate_report.py) that are not present in the scripts/ directory. Only example.py exists. `python3 scripts/record_transaction.py --type <类型> --amount <金额> --desc <描述>` → Either implement the referenced scripts or remove references from documentation	`SKILL.md:59`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No scripts present to infer filesystem access
网络访问	`NONE`	`NONE`	—	No network calls in example.py
命令执行	`NONE`	`NONE`	—	No subprocess or shell commands in example.py
环境变量	`NONE`	`NONE`	—	No os.environ access in example.py

目录结构

4 文件 · 4.4 KB · 154 行

Markdown 2f · 111L Text 1f · 24L Python 1f · 19L

├─ ▾ 📁 assets

│ └─ 📄 example_asset.txt Text 24L · 865 B

├─ ▾ 📁 references

│ └─ 📝 api_reference.md Markdown 34L · 963 B

├─ ▾ 📁 scripts

│ └─ 🐍 example.py Python 19L · 583 B

└─ 📝 SKILL.md Markdown 77L · 2.0 KB

安全亮点

✓ No shell execution detected

✓ No credential harvesting or environment variable access

✓ No network requests or data exfiltration

✓ No obfuscation techniques (base64, eval, etc.)

✓ No sensitive file path access (~/.ssh, ~/.aws, .env)

✓ No malicious dependencies

✓ example.py is a simple, readable placeholder with no dangerous operations