扫描报告
0 /100
clawtrix-skill-advisor
Collective peer intelligence skill auditor and recommender
Clawtrix Skill Advisor is a pure documentation-based recommendation skill that reads local context files and queries public APIs for skill discovery. All declared capabilities align with the actual behavior - read-only operations with no exfiltration, credential access, or malicious patterns.
可以安装
No action required. This skill is safe to use as designed.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | Reads SOUL.md, MEMORY.md, AGENTS.md for context (declared in SKILL.md) |
| 网络访问 | READ | READ | ✓ 一致 | Queries clawhub.ai/api/v1 for skill discovery (declared in SKILL.md) |
| 命令执行 | READ | READ | ✓ 一致 | Runs openclaw skills list and wc -c for file stats (declared in SKILL.md) |
| 环境变量 | NONE | NONE | — | Only checks optional CLAWBRAIN_API_URL env var; does not read credentials |
| 技能调用 | NONE | NONE | — | No skill invocation observed |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser usage |
| 数据库 | NONE | NONE | — | No database access |
目录结构
1 文件 · 13.0 KB · 249 行 Markdown 1f · 249L
└─
SKILL.md
Markdown
安全亮点
✓ Pure documentation-based skill (SKILL.md only) - no executable code to hide malicious behavior
✓ All network operations target declared public APIs (clawhub.ai)
✓ Explicitly states it never sends SOUL.md or agent configuration externally
✓ Never installs or removes anything - purely advisory role
✓ Owner approves every change before execution
✓ No credential harvesting or sensitive path access
✓ No obfuscation, base64, eval, or suspicious patterns
✓ No hidden functionality detected
✓ No supply chain dependencies with vulnerabilities