Trusted - Risk score 0/100
Last scanned: 1 day ago
clawguard-auditor
ClawGuard v3 - AI Agent Security Toolkit
ClawGuard v3 Auditor is a legitimate security auditing tool with no malicious behavior detected - it performs exactly as documented with no hidden functionality.
Skill name: clawguard-auditor
Analysis time: 34.5s
Engine: pi
OK to install
This skill is safe to use for auditing AI Skills. No security concerns identified.
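| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | READ | READ | ✓ Consistent | Uses fs.readFileSync only for reading skill files, not writing sensitive paths |
| Network access | READ | READ | ✓ Consistent | Makes HTTPS requests only to official registries for CVE checks |
| Command execution | NONE | NONE | | No child_process, exec, or shell spawning detected |
| Environment variables | NONE | NONE | | No process.env access for credentials |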

Directory structure

9 files · 69.7 KB · 2339 lines
JavaScript 5f · 1514L Markdown 2f · 804L JSON 2f · 21L
├─ 📁 src
│ ├─ 📜 auditor.js JavaScript 369L · 11.0 KB
│ ├─ 📜 intent-drift-detector.js JavaScript 344L · 11.0 KB
│ ├─ 📜 sast-analyzer.js JavaScript 406L · 11.0 KB
│ └─ 📜 supply-chain-analyzer.js JavaScript 301L · 8.3 KB
├─ 📋 _meta.json JSON 7L · 159 B
├─ 📜 cli.js JavaScript 94L · 3.1 KB
├─ 📋 package.json JSON 14L · 393 B
├─ 📝 README.md Markdown 125L · 3.1 KB
└─ 📝 SKILL.md Markdown 679L · 21.7 KB

Security highlights

✓ Zero external dependencies - package.json shows empty dependencies object, eliminating supply chain risk
✓ Uses only Node.js built-in modules (fs, path, https, http) - no third-party code
✓ All network requests are documented HTTPS calls to official package registries for CVE checks
✓ No credential harvesting, no hardcoded secrets, no sensitive file access
✓ No obfuscation techniques (base64 decode, hex encoding, zero-width chars)
✓ No reverse shell signatures, no C2 patterns, no data exfiltration
✓ Intent matches declared purpose: legitimate security auditing tool
✓ Comprehensive SAST rules are defensive in nature (detecting malicious patterns)
✓ Intent drift detector analyzes code for discrepancies between documentation and behavior