扫描报告
20 /100
face-swap
Guide users to VideoAny Face Swap tool to create AI face swap videos
This is a legitimate face swap guidance skill that prints formatted instructions directing users to an external web service. The shell:exec permission is declared but not actually used by any script, representing minor over-declaration.
可以安装
Consider removing the undeclared shell:exec permission if subprocess execution is not required. The skill would function identically with filesystem:READ only (for potential config files).
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Over-declared shell permission 文档欺骗 | SKILL.md:3 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | ADMIN | NONE | ✓ 一致 | SKILL.md declares shell:exec, but guide_face_swap.py only uses argparse and prin… |
| 文件系统 | NONE | NONE | — | No file operations in any script |
| 网络访问 | NONE | NONE | — | No HTTP requests made |
2 项发现
中危 外部 URL 外部 URL
https://videoany.io/face-swap SKILL.md:14 中危 外部 URL 外部 URL
https://videoany.io/face-swap. clawhub.json:4 目录结构
8 文件 · 8.2 KB · 262 行 Python 4f · 184L
Markdown 1f · 59L
JSON 2f · 18L
Text 1f · 1L
├─
▾
scripts
│ ├─
convert_image_to_svg.py
Python
│ ├─
convert_svg.py
Python
│ ├─
guide_face_swap.py
Python
│ └─
guide_image_to_video.py
Python
├─
_meta.json
JSON
├─
clawhub.json
JSON
├─
requirements.txt
Text
└─
SKILL.md
Markdown
安全亮点
✓ No credential harvesting - no access to environment variables or sensitive paths
✓ No data exfiltration - no network requests or data transmission
✓ No obfuscation - all code is plain text Python
✓ No dependencies required - requirements.txt is empty
✓ Pure guidance tool with no side effects beyond printing text
✓ Includes responsible-use reminders for face swap ethics
✓ Backward-compatible wrappers are benign pass-through imports