Security Decision Report

exploration-mode-skill

Skill declares vague autonomous execution capabilities without specifying allowed tools or boundaries, creating significant doc-to-code verification gaps.

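Install decision first Source: manual upload Scan time: 2026/4/4
Files 2
IOC 0
Over-privilege items 0
Findings 3

Why this conclusion was reached

0/4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are broadly consistent.

Pass
Hidden execution and outbound connections

There are currently no obvious high-risk outbound-connection or execution signals.

Pass
Attack chain and high-risk findings

No clear malicious path was formed.

Review
Dependency and supply-chain hygiene

Complete dependency information is not available, so the supply-chain assessment has to stay provisional.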

How the risk score was raised

No allowed-tools declaration +15

SKILL.md does not declare any permitted tools despite claiming autonomous execution capabilities

Vague autonomous behavior scope +15

'System cleanup' and 'self-improvement' suggest undocumented file/shell operations

No execution boundaries defined +10

Idle-time autonomous execution lacks clear user consent mechanisms or scope limits

No scripts to verify declared behavior +5

Skill contains no implementation files to validate documentation claims

Key evidence

Medium Documentation deception

Undeclared autonomous execution

Skill claims to execute tasks autonomously during 'idle time' but provides no documentation of what tools or permissions it requires to perform these operations

SKILL.md:12
Document specific allowed tools and resource permissions required for each autonomous task category
Medium Documentation deception

Vague task scope without boundaries

'System cleanup', 'self-improvement', and 'system optimization' are ambiguous terms that could justify accessing sensitive system areas without explicit user consent

SKILL.md:17
Provide explicit enumeration of what constitutes each task category and what operations are explicitly excluded
Low Privilege escalation

No declared permission model

The skill makes no reference to allowed-tools or resource permission levels, making it impossible to verify if execution stays within intended boundaries

SKILL.md:1
Add explicit allowed-tools declaration following standard format (e.g., Bash→shell:WRITE, Read→filesystem:READ)

Declared capabilities vs. actual capabilities

File system Pass
Declared NONE
Inferred UNKNOWN
'System cleanup' and 'self-improvement' imply file operations but none declared
Command execution Pass
Declared NONE
Inferred UNKNOWN
'System optimization' suggests shell commands but no declaration
Network access Pass
Declared NONE
Inferred UNKNOWN
'Project research' and 'knowledge accumulation' may involve network access
Skill invocation Pass
Declared NONE
Inferred POSSIBLE
Autonomous mode switching between Collaboration and Exploration modes implies dynamic skill invocation

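Suspicious artifacts and outbound connections

No obvious IOCs were extracted.

Dependencies and supply chain

No structured dependency alerts.

File composition

2 files · 55 lines
Markdown 1 file · 45 lines
JSON 1 file · 10 lines
Files needing attention · 1
SKILL.md Markdown · 45 lines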
Undeclared autonomous execution · Vague task scope without boundaries · No declared permission model
Other files · _meta.json

Security highlights

No malicious code present - skill consists only of documentation
No external dependencies or scripts to audit
No IOCs (Indicators of Compromise) detected
No base64, obfuscation, or anti-analysis techniques found
No credential harvesting patterns detected
No network exfiltration behavior detected