gangjing (杠精) 安全扫描报告 — 可信 | ClawSafe

0 /100

gangjing (杠精)

A devil's advocate meta-skill for AI agents — provides structured frameworks to critique user decisions, challenge assumptions, and identify weaknesses in technical plans. Pure markdown documentation with no executable code.

This is a pure markdown meta-skill providing a structured framework for AI agents to critique user decisions (杠精/devil's advocate). No code, scripts, or binaries are present — only documentation describing conversational behavior patterns and theoretical attack frameworks.

技能名称gangjing (杠精)

分析耗时37.7s

引擎pi

✓

可以安装

This skill is safe to use. It contains no executable code, no sensitive file access, no network activity, and no credential harvesting. The referenced attack engine scripts (harness.py, harness.js, report_html.py) do not exist in this distribution and are only described as optional tools for a hypothetical 'complete repository version' — with documented fallback behavior when absent.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No read/write declarations; no scripts to perform I/O
网络访问	`NONE`	`NONE`	—	No curl/wget/requests/network calls; documentation-only
命令执行	`NONE`	`NONE`	—	No subprocess/Popen/Command execution; pure markdown
环境变量	`NONE`	`NONE`	—	No os.environ iteration; no credential access
技能调用	`NONE`	`NONE`	—	Meta-skill for critique frameworks only
剪贴板	`NONE`	`NONE`	—	Not referenced anywhere
浏览器	`NONE`	`NONE`	—	Not referenced anywhere
数据库	`NONE`	`NONE`	—	Not referenced anywhere

目录结构

8 文件 · 41.7 KB · 1193 行

Markdown 8f · 1193L

├─ ▾ 📁 references

│ ├─ 📝 attack-dimensions.md Markdown 246L · 7.4 KB

│ ├─ 📝 intensity-calibration.md Markdown 146L · 4.3 KB

│ └─ 📝 tool-integration.md Markdown 133L · 3.3 KB

├─ ▾ 📁 templates

│ └─ 📝 decision-autopsy.md Markdown 89L · 2.1 KB

├─ 📝 PROMO.md Markdown 24L · 635 B

├─ 📝 README.md Markdown 162L · 7.5 KB

├─ 📝 SKILL.md Markdown 354L · 15.4 KB

└─ 📝 USAGE.md Markdown 39L · 1.1 KB

安全亮点

✓ No executable code — skill is 100% markdown documentation

✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env, etc.)

✓ No credential harvesting — no iteration through environment variables for keys

✓ No network egress — no curl/wget, no external IP connections

✓ No obfuscation — no base64, atob(), eval(), or encoded payloads

✓ All behavior is fully documented in SKILL.md — no hidden functionality

✓ Referenced attack engine scripts are absent but the absence is documented with a fallback path

✓ No supply chain risk — no dependencies, no package files

✓ No persistence mechanisms — no cron, startup hooks, or backdoor installation

✓ No prompt injection — no jailbreak instructions or hidden LLM manipulation