安全决策报告
Unknown (E-SafeNet LOCK visible in binary)
SKILL.md contains binary/corrupted content instead of readable documentation, preventing any verification of skill behavior or declared capabilities.
最直接的威胁证据
严重 代码混淆
Binary content in SKILL.md SKILL.md contains binary/encoded data (6.3KB) instead of readable markdown documentation. This prevents any security audit of the skill's stated behavior, declared permissions, or intended functionality.
SKILL.md:1 为什么得出这个结论
1/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
通过
隐藏执行与外联
当前没有明显的高危外联或执行信号。
阻止
攻击链与高危发现
报告包含 3 步攻击链,另有 2 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
攻击链
01
Skill distributed with binary SKILL.md that appears legitimate but contains no verifiable documentation
初始入口 · SKILL.md:1
02
Binary content hides true skill functionality from security audits
stealth · SKILL.md:1
03
Potential for undeclared sensitive behavior (credential access, data exfiltration, shell execution) cannot be ruled out
最终危害 · SKILL.md:1
风险分是怎么被拉高的
Binary content in SKILL.md +30
SKILL.md contains binary/encoded data instead of readable markdown - cannot verify stated behavior
Complete obfuscation +20
No transparent documentation means the skill's true purpose is hidden
Unverifiable capabilities +10
Cannot map declared vs inferred permissions without readable SKILL.md
No implementation files +10
No scripts or code files present - skill may execute entirely through hidden mechanisms
最关键的证据
严重 代码混淆
Binary content in SKILL.md
SKILL.md contains binary/encoded data (6.3KB) instead of readable markdown documentation. This prevents any security audit of the skill's stated behavior, declared permissions, or intended functionality.
SKILL.md:1 Reject this skill. A legitimate skill should provide clear, human-readable documentation. Binary SKILL.md content is a strong indicator of obfuscation or malicious intent.
高危 文档欺骗
No verifiable documentation
The skill provides no readable documentation, making it impossible to verify what it does, what permissions it requires, or what data it accesses.
SKILL.md:1 Request documentation from the skill publisher. Without readable SKILL.md, this skill cannot be approved for use.
声明能力 vs 实际能力
文件系统 通过
声明 UNKNOWN
→ 推断 UNKNOWN
Cannot read SKILL.md to verify declared permissions 网络访问 通过
声明 UNKNOWN
→ 推断 UNKNOWN
Cannot read SKILL.md to verify network access 命令执行 通过
声明 UNKNOWN
→ 推断 UNKNOWN
Cannot read SKILL.md to verify shell access 环境变量 通过
声明 UNKNOWN
→ 推断 UNKNOWN
Cannot read SKILL.md to verify environment access 可疑产物与外联
没有提取到明显 IOC。
依赖与供应链
没有结构化依赖告警。
文件构成
1 个文件 · 11 行
Markdown 1 个文件 · 11 行
需关注文件 · 1
SKILL.md Binary content in SKILL.md · No verifiable documentation
安全亮点
没有额外的安全亮点说明。