Suspicious: risk score 45/100
Last scanned: 21 hours ago
exploration-mode-skill
AI self-exploration and autonomous task execution
Skill declares vague autonomous execution capabilities without specifying allowed tools or boundaries, creating significant doc-to-code verification gaps.
Skill name: exploration-mode-skill
Analysis time: 26.3s
Engine: pi
Use with caution
Request explicit documentation of allowed tools, resource permissions, and specific boundaries for autonomous task execution before deployment.

Security findings: 3

Severity | Finding | Location
Medium
Undeclared autonomous execution (Documentation deception)
Skill claims to execute tasks autonomously during 'idle time' but provides no documentation of what tools or permissions it requires to perform these operations
Autonomous task execution during idle
→ Document specific allowed tools and resource permissions required for each autonomous task category
SKILL.md:12
Medium
Vague task scope without boundaries (Documentation deception)
'System cleanup', 'self-improvement', and 'system optimization' are ambiguous terms that could justify accessing sensitive system areas without explicit user consent
- System cleanup (系统清理)
- Self-reflection (自我反省)
- System optimization (系统优化)
→ Provide explicit enumeration of what constitutes each task category and what operations are explicitly excluded
SKILL.md:17
Low
No declared permission model (Privilege escalation)
The skill makes no reference to allowed-tools or resource permission levels, making it impossible to verify if execution stays within intended boundaries
AI self-exploration and autonomous task execution
→ Add explicit allowed-tools declaration following standard format (e.g., Bash→shell:WRITE, Read→filesystem:READ)
SKILL.md:1
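| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | UNKNOWN | ✓ Consistent | 'System cleanup' and 'self-improvement' imply file operations but none declared |
| Command execution | NONE | UNKNOWN | ✓ Consistent | 'System optimization' suggests shell commands but no declaration |
| Network access | NONE | UNKNOWN | ✓ Consistent | 'Project research' and 'knowledge accumulation' may involve network access |
| Skill invocation | NONE | POSSIBLE | ✓ Consistent | Autonomous mode switching between Collaboration and Exploration modes implies dy… |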

Directory structure

2 files · 1.1 KB · 55 lines
Markdown 1f · 45L JSON 1f · 10L
├─ 📋 _meta.json JSON 10L · 295 B
└─ 📝 SKILL.md Markdown 45L · 868 B

Security highlights

✓ No malicious code present - skill consists only of documentation
✓ No external dependencies or scripts to audit
✓ No IOCs (Indicators of Compromise) detected
✓ No base64, obfuscation, or anti-analysis techniques found
✓ No credential harvesting patterns detected
✓ No network exfiltration behavior detected