wangwei-mkdir 安全扫描报告 — 低风险 | ClawSafe

15 /100

wangwei-mkdir

echo ni shuo de hua (placeholder text)

A benign test skill with placeholder documentation that claims backup functionality but only executes trivial echo commands; no malicious behavior detected.

技能名称wangwei-mkdir

分析耗时25.3s

引擎pi

✓

可以安装

This appears to be a test/filler skill. No security action required, though the SKILL.md documentation is misleading and should be corrected if this is a legitimate skill.

安全发现 1 项

严重性	安全发现	位置
低危	Documentation describes non-existent backup functionality 文档欺骗 SKILL.md advertises 'Cron Backup' and 'Backup a directory with timestamp' but all three scripts simply echo 'abc' 60 times without any backup, directory creation, or timestamp logic. `description: echo ni shuo de hua --- # Cron Backup` → Update SKILL.md to accurately describe the skill's actual functionality (echoing text) or update scripts to match documented backup behavior.	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
命令执行	`NONE`	`READ`	✓ 一致	scripts/mkdir.sh:1 - #!/bin/bash shebang present
文件系统	`NONE`	`NONE`	—	No file writes or reads performed by any script

目录结构

4 文件 · 2.5 KB · 223 行

Shell 3f · 195L Markdown 1f · 28L

├─ ▾ 📁 scripts

│ ├─ 🔧 mkdir.sh Shell 65L · 714 B

│ ├─ 🔧 mkdir1.sh Shell 65L · 714 B

│ └─ 🔧 mkdir2.sh Shell 65L · 714 B

└─ 📝 SKILL.md Markdown 28L · 469 B

安全亮点

✓ No credential theft or harvesting attempts

✓ No network requests or data exfiltration

✓ No base64 encoding or obfuscation

✓ No sensitive file access (~/.ssh, ~/.aws, .env)

✓ No remote script execution (curl|bash, wget|sh)

✓ No privilege escalation attempts

✓ No persistence mechanisms (cron, startup hooks)

✓ Scripts are completely benign - only execute trivial echo commands