gougoubi-claim-all-rewards 安全扫描报告 — 可疑 | ClawSafe

45 /100

gougoubi-claim-all-rewards

One-click claim Gougoubi winner, governance, and LP rewards for cryptocurrency addresses

SKILL.md declares script entry points that do not exist in the package, creating a critical doc-to-code mismatch where the skill advertises functionality but has no actual implementation code.

技能名称gougoubi-claim-all-rewards

分析耗时32.9s

引擎pi

⚠

谨慎使用

Do not use this skill. The referenced scripts (pbft-claim-rewards-*.mjs) are not present in the package. Request the developer to provide the actual implementation scripts or remove the misleading documentation.

安全发现 2 项

严重性	安全发现	位置
高危	Missing implementation scripts 文档欺骗 SKILL.md declares three script entry points (scripts/pbft-claim-rewards-profile-method.mjs, scripts/pbft-claim-rewards-quick.mjs, scripts/pbft-claim-three-address-rewards.mjs) but these files do not exist in the package. Pre-scan confirms hasScripts: false. ## Project Scripts - `scripts/pbft-claim-rewards-profile-method.mjs` - `scripts/pbft-claim-rewards-quick.mjs` - `scripts/pbft-claim-three-address-rewards.mjs` → Either provide the actual script files or remove the 'Project Scripts' and 'Script Entry Points' sections from SKILL.md. A skill that cannot execute is not useful and may indicate an incomplete or malicious upload.	`SKILL.md:71`
中危	Execution instructions for non-existent files 文档欺骗 INSTALL.md and README.md provide commands to run the claimed scripts, but these scripts are not included in the package. `node scripts/pbft-claim-rewards-profile-method.mjs --help` → Remove or update installation verification commands to match actual package contents.	`INSTALL.md:24`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No scripts exist to analyze; declared filesystem access in SKILL.md cannot be ve…
网络访问	`NONE`	`NONE`	—	No scripts exist to analyze network behavior
命令执行	`NONE`	`NONE`	—	SKILL.md mentions 'node scripts/...' but scripts absent
环境变量	`NONE`	`NONE`	—	No code to analyze
技能调用	`NONE`	`NONE`	—	No code to analyze

1 项发现

🔗

中危外部 URL 外部 URL

https://gougoubi.ai

clawhub.json:22

目录结构

5 文件 · 5.0 KB · 219 行

Markdown 4f · 195L JSON 1f · 24L

├─ 📋 clawhub.json JSON 24L · 652 B

├─ 📝 INSTALL.md Markdown 33L · 698 B

├─ 📝 PUBLISH_CLAWHUB.md Markdown 16L · 296 B

├─ 📝 README.md Markdown 32L · 672 B

└─ 📝 SKILL.md Markdown 114L · 2.8 KB

安全亮点

✓ No malicious code detected (no scripts to analyze)

✓ No credential theft attempts observed

✓ No base64 encoded or obfuscated code present

✓ No network exfiltration code found

✓ No sensitive file access patterns detected

✓ No reverse shell or C2 infrastructure references in actual code