中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 45/100
Last scan:21 hr ago Rescan
45 /100
exploration-mode-skill
AI self-exploration and autonomous task execution
Skill declares vague autonomous execution capabilities without specifying allowed tools or boundaries, creating significant doc-to-code verification gaps.
Skill Nameexploration-mode-skill
Duration26.3s
Enginepi
Use with caution
Request explicit documentation of allowed tools, resource permissions, and specific boundaries for autonomous task execution before deployment.

Findings 3 items

Severity Finding Location
Medium
Undeclared autonomous execution Doc Mismatch
Skill claims to execute tasks autonomously during 'idle time' but provides no documentation of what tools or permissions it requires to perform these operations
Autonomous task execution during idle
→ Document specific allowed tools and resource permissions required for each autonomous task category
 SKILL.md:12
Medium
Vague task scope without boundaries Doc Mismatch
'System cleanup', 'self-improvement', and 'system optimization' are ambiguous terms that could justify accessing sensitive system areas without explicit user consent
- System cleanup (系统清理)
- Self-reflection (自我反省)
- System optimization (系统优化)
→ Provide explicit enumeration of what constitutes each task category and what operations are explicitly excluded
 SKILL.md:17
Low
No declared permission model Priv Escalation
The skill makes no reference to allowed-tools or resource permission levels, making it impossible to verify if execution stays within intended boundaries
AI self-exploration and autonomous task execution
→ Add explicit allowed-tools declaration following standard format (e.g., Bash→shell:WRITE, Read→filesystem:READ)
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE UNKNOWN ✓ Aligned 'System cleanup' and 'self-improvement' imply file operations but none declared
Shell NONE UNKNOWN ✓ Aligned 'System optimization' suggests shell commands but no declaration
Network NONE UNKNOWN ✓ Aligned 'Project research' and 'knowledge accumulation' may involve network access
Skill Invoke NONE POSSIBLE ✓ Aligned Autonomous mode switching between Collaboration and Exploration modes implies dy…

File Tree

2 files · 1.1 KB · 55 lines
Markdown 1f · 45L JSON 1f · 10L
├─ 📋 _meta.json JSON 10L · 295 B
└─ 📝 SKILL.md Markdown 45L · 868 B

Security Positives

✓ No malicious code present - skill consists only of documentation
✓ No external dependencies or scripts to audit
✓ No IOCs (Indicators of Compromise) detected
✓ No base64, obfuscation, or anti-analysis techniques found
✓ No credential harvesting patterns detected
✓ No network exfiltration behavior detected