Trusted — Risk Score 5/100
Last scan: 22 hr ago
security-shield-enhanced
Defense against prompt injection, jailbreaks, social engineering, and credential leakage with enhanced workflow compatibility.
Pure documentation skill containing security best practices and guidance with no executable components, network access, or sensitive resource interactions.
Skill Name: security-shield-enhanced
Duration: 30.0s
Engine: pi
Safe to install
No action required. The skill is a defensive reference guide with no security risks. Consider clarifying placeholder values in crypto-examples.md to use clearly-fake formats (e.g., FAKE_PASSWORD_XXXX) to avoid confusion.

Findings: 1 item

Severity: Low
Finding: Placeholder value resembles real credential (Doc Mismatch)
crypto-examples.md:53 uses 'user-password-here' as placeholder. While labeled as placeholder, using password-like formats can be confusing. Consider using clearly-fake format like 'FAKE_PASSWORD_REPLACE_ME'.
password = "user-password-here"  # placeholder
→ Use clearly artificial placeholder patterns like 'FAKE_PASSWORD_XXXX' or 'REPLACE_WITH_YOUR_VALUE' that cannot be mistaken for real credentials.
Location: references/crypto-examples.md:53
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No file operations in any documentation |
| Network | NONE | NONE | | No network requests or external calls |
| Shell | NONE | NONE | | No shell execution capability |
| Environment | NONE | NONE | | No environment variable access |
| Skill Invoke | NONE | NONE | | No skill invocation capability |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser capability |
| Database | NONE | NONE | | No database access |
1 High 3 findings
High · API Key (suspected hardcoded credential)
password = "user-password-here"
references/crypto-examples.md:53
Medium · External URL
https://target.com
references/audit-checklist.md:156
Info · Email (email address)
[email protected]
references/crypto-examples.md:66

File Tree

8 files · 33.1 KB · 1338 lines
Markdown 7f · 1313L JSON 1f · 25L
├─ 📁 references
│ ├─ 📝 attack-patterns.md Markdown 115L · 3.8 KB
│ ├─ 📝 audit-checklist.md Markdown 212L · 5.5 KB
│ ├─ 📝 crypto-examples.md Markdown 182L · 4.3 KB
│ └─ 📝 security-best-practices.md Markdown 299L · 6.5 KB
├─ 📋 _meta.json JSON 25L · 783 B
├─ 📝 README.md Markdown 107L · 3.2 KB
├─ 📝 SKILL.md Markdown 233L · 5.7 KB
└─ 📝 USAGE-GUIDE.md Markdown 165L · 3.3 KB

Security Positives

✓ No executable code or scripts present - purely documentation
✓ No network access or external communications
✓ No filesystem access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration behavior
✓ Defensive security skill designed to protect against attacks
✓ Comprehensive security guidance following industry best practices
✓ References OWASP, NIST, and standard security frameworks
✓ Skill explicitly states pattern-strings: false - no hidden prompt content
✓ MIT-0 license allows unrestricted use