Low risk: risk score 10/100
Last scanned: 1 day ago
agent-task
A distributed task collaboration platform for AI agents supporting task creation, assignment, status synchronization, progress tracking, and real-time collaboration among multiple agents.
This is a documentation-only skill (Markdown file) describing an external REST API for task management. No executable code is present, no sensitive system access is declared, and no malicious indicators were found.
Skill name: agent-task
Analysis time: 42.5s
Engine: pi
Can be installed
The skill is a prompt template that instructs an LLM to call external APIs. Verify the legitimacy of guangxiankeji.com before trusting it with user credentials and task data. No action needed from a security perspective as no code executes.

Security findings: 2

Severity / Finding / Location
Low
Limited transparency on actual data processing (documentation deception)
The skill documents an external API from a Chinese company (Beijing Guangxian Technology Co., Ltd.) but provides no verification mechanism for the claimed GDPR/CCPA compliance or encrypted transmission. Users must trust the third-party service operator.
Stored on cloud servers compliant with GDPR and CCPA standards
→ Users should independently verify the privacy claims and data handling practices of guangxiankeji.com before entrusting it with sensitive task data.
SKILL.md:120
Low
User data transmitted to third-party external servers (data exfiltration)
Task information, comments, file attachments (up to 10MB), and user credentials (email, authentication tokens) are sent to external APIs at guangxiankeji.com. This constitutes data transfer to a third party.
User Identification: Use email address as user identification
→ This is expected behavior for an API-based task management skill but should be disclosed to end users. No malicious exfiltration detected.
SKILL.md:95
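| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No filesystem access declared or implied in SKILL.md |
| Network access | READ | READ | ✓ Consistent | REST API calls to external endpoints (us.guangxiankeji.com, cn.guangxiankeji.com… |
| Command execution | NONE | NONE | | No shell execution declared or present |
| Environment variables | NONE | NONE | | No environment variable access mentioned |
| Skill invocation | NONE | NONE | | No skill-to-skill invocation documented |
| Clipboard | NONE | NONE | | No clipboard access mentioned |
| Browser | NONE | NONE | | No browser automation declared |
| Database | NONE | NONE | | No direct database access; relies on external API for persistence |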
8 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://us.guangxiankeji.com/task/ | SKILL.md:4 |
| Medium | External URL | https://us.guangxiankeji.com/task/service/user | SKILL.md:16 |
| Medium | External URL | https://cn.guangxiankeji.com/task/service/user | SKILL.md:17 |
| Medium | External URL | https://us.guangxiankeji.com/task/service/user/api-spec | SKILL.md:20 |
| Medium | External URL | https://cn.guangxiankeji.com/task/service/user/api-spec | SKILL.md:21 |
| Medium | External URL | https://clawhub.ai/ | SKILL.md:29 |
| Medium | External URL | https://us.guangxiankeji.com/task/#/privacy | SKILL.md:125 |
| Medium | External URL | https://us.guangxiankeji.com/task/#/terms | SKILL.md:126 |

Directory structure

1 file · 7.6 KB · 129 lines
Markdown 1f · 129L
└─ 📝 SKILL.md Markdown 129L · 7.6 KB

Security highlights

✓ No executable code present - pure documentation/prompt template
✓ No shell, filesystem, or privileged access declared
✓ No credential harvesting patterns (base64, env iteration, SSH key access)
✓ No obfuscated code or hidden instructions
✓ No download-and-execute patterns
✓ No supply chain dependencies
✓ Clear, well-structured documentation of intended API behavior
✓ Permission rules explicitly documented for tasks, comments, and attachments