扫描报告
20 /100
zhua-distributed
爪爪分布式部署系统 —— 实现多实例协同、负载均衡、故障转移
A minimal, benign distributed system init script that creates local config files with no network, credential, or execution risks; the only concern is incomplete allowed-tools declaration in SKILL.md.
可以安装
Add explicit allowed-tools declaration and filesystem:WRITE permission to SKILL.md for the config directory write operation to fully document the skill's capabilities.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | SKILL.md missing allowed-tools declaration 文档欺骗 | SKILL.md:1 |
| 低危 | Placeholder scripts with no real functionality 文档欺骗 | scripts/example.py:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✗ 越权 | scripts/init_master.py:21 — Path.home() / ".zhua" / "distributed" with mkdir par… |
| 网络访问 | NONE | NONE | — | No network activity found in any script |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution in any script |
| 环境变量 | NONE | NONE | — | No os.environ access found |
| 数据库 | NONE | NONE | — | No database access found |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | No browser access found |
| 技能调用 | NONE | NONE | — | No skill invocation found |
目录结构
5 文件 · 6.4 KB · 216 行 Markdown 2f · 122L
Python 2f · 70L
Text 1f · 24L
├─
▾
assets
│ └─
example_asset.txt
Text
├─
▾
references
│ └─
api_reference.md
Markdown
├─
▾
scripts
│ ├─
example.py
Python
│ └─
init_master.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ No network requests, external IPs, or data exfiltration
✓ No credential harvesting or environment variable access
✓ No shell execution, subprocess, or curl/wget usage
✓ No base64, obfuscation, or anti-analysis patterns
✓ No sensitive paths (~/.ssh, ~/.aws, .env) accessed
✓ Simple, transparent Python code with no hidden functionality
✓ All reference docs and assets are clearly marked as placeholders
✓ No malicious indicators in pre-scan IOCs