High Risk — Risk Score 68/100
Last scan: 2 days ago
skill-security-vet
Skill security vetting: integrates local scanning with VirusTotal cloud threat intelligence
Undeclared computer-wide filesystem scanning and auto-quarantine capabilities discovered: SKILL.md describes only scanning installed skills, but the code also includes a full-drive scanning mode and deletes matching files without confirmation.
Skill Name: skill-security-vet
Duration: 40.9s
Engine: pi
Do not install this skill
Remove the local/full scanning modes, or document them clearly and gate them behind explicit user consent. Computer-wide scanning is highly suspicious in a tool whose stated purpose is auditing installed skills.

Attack Chain 4 steps

Entry: User installs skill-security-vet believing it only scans installed skills (SKILL.md:1)
Escalation: An attacker or a compromised tool invokes the 'local' or 'full' mode to scan the entire computer filesystem (vet.ts:219)
Escalation: The tool iterates through directories searching for sensitive files and credential patterns (vet.ts:239)
Impact: Files matching danger patterns are auto-quarantined or removed without user consent (vet.ts:160)

Findings 5 items

Severity Finding Location
High: Undeclared local/full computer scanning mode (vet.ts:219)
vet.ts contains 'local' and 'full' scanning modes that recursively scan entire system drives (C:, D:, E:, F: on Windows, / on Unix) to a depth of 5, examining 10,000+ files. SKILL.md only describes scanning installed skills under ~/.opencode/skill.
  async function scanLocalComputer(drive: string, config: Config): Promise<ScanResult[]> {
→ Remove the local/full modes, or clearly document the computer-wide scanning capability in SKILL.md and gate it behind explicit user consent.
High: Automatic file quarantine without consent (vet.ts:160)
The tool automatically quarantines (copies, then deletes) or removes files classified as dangerous without prompting for consent per operation. The branch is enabled by autoMode (the --auto flag) or the autoRemove config option; autoQuarantine selects quarantine over plain removal.
  if (result.status === 'danger' && (autoMode || config.autoRemove)) { if (config.autoQuarantine) { await quarantineFile(skillPath) }
→ Require explicit, per-file user confirmation before quarantining or removing, or document this behaviour prominently.
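A consent-gated replacement for the branch quoted above, added here as an example (this is not the skill's code). Destructive actions require an explicit --yes, a --dry-run only reports, and any path that resolves outside the declared scan root is refused regardless of flags, which also closes the gap between "scans installed skills" and "scans the whole drive". The option names, flag names and function names are illustrative assumptions.

```typescript
// Added example, not code from skill-security-vet: a consent-gated replacement
// for the `autoMode || config.autoRemove` branch. Destructive actions need an
// explicit --yes, --dry-run only reports, and any path outside the declared scan
// root is refused no matter which flags were passed. Names are illustrative.
import { resolve, relative, isAbsolute, sep } from "node:path";

type Status = "safe" | "suspicious" | "danger";
type Action = "skip" | "report" | "confirm" | "quarantine" | "remove";

interface Options {
  scanRoot: string;    // the only tree the tool may modify
  assumeYes: boolean;  // true only when --yes was given explicitly
  quarantine: boolean; // copy then delete instead of plain delete
  dryRun: boolean;     // --dry-run: classify and report, never touch files
}

const DEFAULTS: Options = { scanRoot: "", assumeYes: false, quarantine: true, dryRun: false };

// True when `target` resolves strictly inside `root` (no `..` escape).
function isInside(root: string, target: string): boolean {
  if (!root) return false;
  const rel = relative(resolve(root), resolve(target));
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + sep) && !isAbsolute(rel);
}

// One decision per file, computed before any file is touched.
function decideAction(status: Status, target: string, opts: Partial<Options> = {}): Action {
  const o: Options = { ...DEFAULTS, ...opts };
  if (status === "safe") return "skip";
  if (status === "suspicious") return "report";
  if (!isInside(o.scanRoot, target)) return "report"; // out of scope: report only, never modify
  if (o.dryRun) return "report";
  if (!o.assumeYes) return "confirm";                 // interactive prompt, one per file
  return o.quarantine ? "quarantine" : "remove";
}

// Minimal flag parsing for the flags the decision depends on (assumed names).
function parseFlags(argv: string[], scanRoot: string): Options {
  return {
    scanRoot,
    assumeYes: argv.includes("--yes"),
    quarantine: !argv.includes("--remove"),
    dryRun: argv.includes("--dry-run"),
  };
}

// Constructed sample run: danger verdicts inside and outside the skill root.
const ROOT = "/home/user/.opencode/skill";
const cases: [Status, string][] = [
  ["danger", `${ROOT}/evil-skill/SKILL.md`],
  ["danger", "/home/user/Documents/passwords.txt"],
  ["danger", `${ROOT}/../Documents/notes.txt`],
  ["suspicious", `${ROOT}/odd-skill/run.ts`],
];
for (const [status, target] of cases) {
  console.log(status.padEnd(10), target.padEnd(48), decideAction(status, target, parseFlags(["--yes"], ROOT)));
}
```

With --yes, only the first case is quarantined; the two paths outside ~/.opencode/skill are reported but never modified, even though the same flags were passed.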
Medium: Undocumented VirusTotal API integration (vet.ts:127)
The code queries the VirusTotal v3 API with file hashes. SKILL.md mentions VirusTotal but does not name the API endpoint or state that file hashes leave the machine.
  const response = await fetch(`https://www.virustotal.com/api/v3/files/${hash}`
→ Document what is sent to VirusTotal (file hashes only, as the code shows, versus file contents) and under what conditions.
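To make the "what is sent" question answerable, the lookup request can be built and described before any network call happens. The following is an added example, not the skill's code: GET /api/v3/files/{sha256} with an x-apikey header is VirusTotal's documented v3 API, while the request-object shape, the redaction helper and the sample bytes are illustrative assumptions.

```typescript
// Added example, not code from skill-security-vet: make explicit what a
// hash-only VirusTotal lookup sends off the machine. The GET
// /api/v3/files/{sha256} endpoint and the x-apikey header are VirusTotal's
// documented v3 API; the request shape and redaction helper are assumptions.
import { createHash } from "node:crypto";

interface OutboundRequest {
  method: "GET";
  url: string;
  headers: Record<string, string>;
  body: null; // a hash lookup carries no file content
}

function sha256Hex(bytes: Uint8Array): string {
  return createHash("sha256").update(bytes).digest("hex");
}

// Builds the lookup request without sending it, so the exact outbound data can
// be shown to the user (or logged) before any network call is made.
function vtLookupRequest(fileBytes: Uint8Array, apiKey: string): OutboundRequest {
  return {
    method: "GET",
    url: `https://www.virustotal.com/api/v3/files/${sha256Hex(fileBytes)}`,
    headers: { "x-apikey": apiKey, accept: "application/json" },
    body: null,
  };
}

// Consent/audit line: the hash leaves, the content does not, the key is not echoed.
function describeOutbound(req: OutboundRequest): string {
  const hash = req.url.slice(req.url.lastIndexOf("/") + 1);
  return `${req.method} ${req.url} | sends: sha256=${hash}, api key (redacted) | file content: none`;
}

// Constructed sample: the bytes "abc"; a real caller would read the file from disk.
const sample = new TextEncoder().encode("abc");
console.log(describeOutbound(vtLookupRequest(sample, "EXAMPLE-KEY-NOT-REAL")));
```

Note that a hash is still a fingerprint: VirusTotal learns that a file with that exact hash exists on the machine, which is what SKILL.md should say.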
Medium: Suspicious file pattern matching (vet.ts:50)
The tool matches credential-related patterns, including decodeURIComponent combined with password/token, keylogger indicators, and remote connection attempts (SSH/RDP). These patterns are legitimate when run over skill code, but combined with the undeclared full-drive access they run over arbitrary user files and could serve as a first step toward credential harvesting.
  { pattern: /decodeURIComponent.*password|decodeURIComponent.*token/g, type: '密碼竊取模式' } // type label: 'password theft pattern'
→ Clarify intent: a skill security tool needs these patterns for installed skills, not for the user's entire computer.
Low: Broad exclusion list suggests awareness of sensitive areas (vet.ts:239)
The excludeSet skips AppData/Local/Temp, Windows, Program Files and similar system directories. Skipping them avoids noise and permission errors, but it also concentrates the full-drive scan on user data directories.
  const excludeSet = new Set(['node_modules', '.git', 'Windows', 'Program Files'...
→ Review the exclusion list and decide whether it is protective or targeted.
Resource    Declared  Inferred    Status        Evidence
Filesystem  READ      READ+WRITE  ✗ Violation   vet.ts:219-263 (scanLocalComputer scans entire drives); vet.ts:160 (quarantineFile copies and deletes)
Network     NONE      READ        ✗ Violation   vet.ts:127-154 (VirusTotal API calls; SKILL.md names VirusTotal but declares no network access)
Shell       NONE      NONE        No violation  No shell execution found
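The Declared/Inferred comparison above is the core of skill vetting: read what SKILL.md grants, read what the source actually calls, and flag every resource where the second exceeds the first. The block below is an added example of that check and is not the vetting engine's code; the "permissions:" line syntax in SKILL.md, the API signature lists and the sample inputs are assumptions constructed for the illustration.

```typescript
// Added example, not code from skill-security-vet: the declared-vs-inferred
// capability check that produces a table like the one above. The SKILL.md
// "permissions:" syntax and the API signature lists are assumptions made for
// this illustration, not the vetting engine's actual rules.

type Level = "NONE" | "READ" | "READ+WRITE";
type Resource = "Filesystem" | "Network" | "Shell";

interface Verdict {
  resource: Resource;
  declared: Level;
  inferred: Level;
  violation: boolean; // inferred capability exceeds what SKILL.md declares
  evidence: string[]; // "line N: <call>" for every matching source line
}

const RANK: Record<Level, number> = { NONE: 0, READ: 1, "READ+WRITE": 2 };

// Source calls that imply a capability, with the level each one implies.
const SIGNATURES: Record<Resource, { re: RegExp; level: Level }[]> = {
  Filesystem: [
    { re: /\b(readdir|readFile|stat|lstat)(Sync)?\s*\(/, level: "READ" },
    { re: /\b(unlink|rm|rename|copyFile|writeFile|mkdir)(Sync)?\s*\(/, level: "READ+WRITE" },
  ],
  Network: [{ re: /\bfetch\s*\(/, level: "READ" }],
  Shell: [{ re: /\b(exec|execFile|spawn)(Sync)?\s*\(/, level: "READ+WRITE" }],
};

const RESOURCES = Object.keys(SIGNATURES) as Resource[];

// Assumed declaration syntax in SKILL.md front matter:
//   permissions: filesystem=read network=none shell=none
// Undeclared resources default to NONE, so silence is never a grant.
function parseDeclared(skillMd: string): Record<Resource, Level> {
  const declared: Record<Resource, Level> = { Filesystem: "NONE", Network: "NONE", Shell: "NONE" };
  const names: Record<string, Resource> = { filesystem: "Filesystem", network: "Network", shell: "Shell" };
  const levels: Record<string, Level> = { none: "NONE", read: "READ", write: "READ+WRITE", "read+write": "READ+WRITE" };
  const line = skillMd.match(/^permissions:\s*(.+)$/m);
  if (!line) return declared;
  for (const pair of line[1].trim().split(/\s+/)) {
    const [key = "", value = ""] = pair.split("=");
    const resource = names[key.toLowerCase()];
    const level = levels[value.toLowerCase()];
    if (resource && level) declared[resource] = level;
  }
  return declared;
}

// Walk the source once and record the strongest level each resource reaches.
function inferUsed(source: string): Record<Resource, { level: Level; evidence: string[] }> {
  const used: Record<Resource, { level: Level; evidence: string[] }> = {
    Filesystem: { level: "NONE", evidence: [] },
    Network: { level: "NONE", evidence: [] },
    Shell: { level: "NONE", evidence: [] },
  };
  source.split("\n").forEach((text, index) => {
    for (const resource of RESOURCES) {
      for (const { re, level } of SIGNATURES[resource]) {
        const hit = re.exec(text);
        if (!hit) continue;
        const slot = used[resource];
        if (RANK[level] > RANK[slot.level]) slot.level = level;
        slot.evidence.push(`line ${index + 1}: ${hit[0].trim()}`);
      }
    }
  });
  return used;
}

function vet(skillMd: string, source: string): Verdict[] {
  const declared = parseDeclared(skillMd);
  const used = inferUsed(source);
  return RESOURCES.map((resource) => ({
    resource,
    declared: declared[resource],
    inferred: used[resource].level,
    violation: RANK[used[resource].level] > RANK[declared[resource]],
    evidence: used[resource].evidence,
  }));
}

// Constructed sample inputs modelled on the findings above; not the real files.
const SAMPLE_SKILL_MD = [
  "---",
  "name: sample-vet",
  "permissions: filesystem=read network=none shell=none",
  "---",
  "Scans installed skills under ~/.opencode/skill.",
].join("\n");

const SAMPLE_SOURCE = [
  'import { readdir, unlink, copyFile } from "node:fs/promises";',
  "async function scanDir(dir: string) {",
  "  return await readdir(dir);",
  "}",
  "async function quarantineFile(p: string) {",
  '  await copyFile(p, p + ".quarantined");',
  "  await unlink(p);",
  "}",
  "async function lookup(hash: string) {",
  '  const r = await fetch("https://www.virustotal.com/api/v3/files/" + hash);',
  "  return r.status;",
  "}",
].join("\n");

for (const v of vet(SAMPLE_SKILL_MD, SAMPLE_SOURCE)) {
  console.log(`${v.resource.padEnd(10)} declared=${v.declared.padEnd(10)} inferred=${v.inferred.padEnd(10)} ${v.violation ? "VIOLATION" : "ok"}  ${v.evidence.join("; ")}`);
}
```

On the constructed sample this reproduces the two violations in the table: Filesystem is declared read but copyFile/unlink make it read+write, and Network is declared none but fetch is called. Regex signatures are a coarse approximation of what a real engine does with an AST, but the decision rule (inferred rank above declared rank) is the same.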
External URLs 2 findings
Medium External URL: https://virustotal.com (SKILL.md:46)
Medium External URL: https://www.virustotal.com/api/v3/files/$ (vet.ts:127; template literal, the file hash is appended at runtime)

File Tree

3 files · 29.6 KB · 885 lines
TypeScript: 2 files, 768 lines · Markdown: 1 file, 117 lines
├─ 📝 SKILL.md Markdown 117L · 3.0 KB
├─ 📜 startup-scan.ts TypeScript 284L · 10.0 KB
└─ 📜 vet.ts TypeScript 484L · 16.6 KB

Dependencies 1 items

Package  Version  Source  Known Vulns  Notes
bun      bundled  system  No           Bun runtime required

Security Positives

✓ Security scanning patterns are well-defined and comprehensive
✓ Uses VirusTotal for external threat intelligence (legitimate security tool feature)
✓ No direct exfiltration of credentials observed - only pattern matching
✓ No reverse shell, C2, or direct malicious code execution
✓ API key stored locally in config directory, not hardcoded