space-query-skill Security Report — Trusted | ClawSafe

5 /100

space-query-skill

Multi-platform query builder for network asset discovery (FOFA, Quake, ZoomEye, Shodan)

Pure documentation skill for building network asset discovery queries; no executable code, no malicious functionality, and flagged IPs are standard example/demonstration addresses.

Skill Namespace-query-skill

Duration37.8s

Enginepi

✓

Safe to install

No action required. The skill is safe to use as designed.

Findings 1 items

Severity	Finding	Location
Info	Hardcoded IP addresses in documentation Doc Mismatch resources/fields.md contains example IP addresses (1.1.1.1, 220.181.111.1, 1.2.3.4) used as demonstration data for query syntax examples. These are standard example IPs, not indicators of malicious targeting. ip \| IPv4 address \| `ip="1.1.1.1"` → This is benign - 1.1.1.1 is Cloudflare DNS, 220.181.111.1 is demonstration data, 1.2.3.4 is IANA reserved example IP.	`resources/fields.md:10`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md uses Read operations to access resources/fields.md
Network	`READ`	`READ`	✓ Aligned	SKILL.md instructs to use WebSearch for official CVE queries only
Shell	`NONE`	`NONE`	—	No shell commands found in skill
Environment	`NONE`	`NONE`	—	No environment variable access
Skill Invoke	`NONE`	`NONE`	—	No skill invocation capability declared
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

3 High 9 findings

📡

High IP Address 硬编码 IP 地址

1.1.1.1

resources/fields.md:10

📡

High IP Address 硬编码 IP 地址

220.181.111.1

resources/fields.md:11

📡

High IP Address 硬编码 IP 地址

1.2.3.4

resources/fields.md:76

🔗

Medium External URL 外部 URL

https://fofa.info

README.md:9

🔗

Medium External URL 外部 URL

https://quake.360.net

README.md:10

🔗

Medium External URL 外部 URL

https://zoomeye.org

README.md:11

🔗

Medium External URL 外部 URL

https://shodan.io

README.md:12

🔗

Medium External URL 外部 URL

https://en.fofa.info/blog

metadata.json:11

🔗

Medium External URL 外部 URL

https://quake.360.net/blog

metadata.json:12

File Tree

7 files · 21.9 KB · 683 lines

Markdown 5f · 634L JSON 2f · 49L

├─ ▾ 📁 evals

│ └─ 📋 evals.json JSON 35L · 1.3 KB

├─ ▾ 📁 resources

│ └─ 📝 fields.md Markdown 233L · 7.2 KB

├─ 📝 AGENTS.md Markdown 69L · 2.2 KB

├─ 📝 CLAUDE.md Markdown 46L · 1.4 KB

├─ 📋 metadata.json JSON 14L · 560 B

├─ 📝 README.md Markdown 80L · 1.9 KB

└─ 📝 SKILL.md Markdown 206L · 7.4 KB

Security Positives

✓ Pure documentation skill with no executable code

✓ No shell commands, scripts, or binary files present

✓ All functionality clearly declared in SKILL.md

✓ No credential harvesting, data exfiltration, or persistence mechanisms

✓ External URLs are legitimate platform references (fofa.info, quake.360.net, etc.)

✓ CVE query methodology is well-documented and follows responsible disclosure practices

Scan Report

Findings 1 items

File Tree

Security Positives