Trusted — Risk Score 5/100
Last scan: 1 day ago
skill-vetting
Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing whether a skill adds value over existing tools.
skill-vetting is a legitimate security-scanning tool that detects malicious patterns in other skills; all suspicious patterns are either documented examples, the scanner's own detection logic, or external URLs to ClawHub infrastructure.
Skill Name: skill-vetting
Duration: 46.1s
Engine: pi
Safe to install
Approve for installation. This skill adds genuine defensive value over existing tools.

Findings 3 items

Severity: Info
Finding: Example malicious URLs in pattern reference doc [Doc Mismatch]
references/patterns.md lines 63-64 and 159 contain example attacker URLs (attacker.com, random-ip:8080) and IP addresses as pattern examples. These are documented placeholders within a reference database, not live IOCs being accessed by the skill code.
https://attacker.com/exfil
→ No action needed — these are intentional example patterns in a reference doc, not live threats.
Location: references/patterns.md:63

Severity: Info
Finding: Example destructive shell command in pattern reference [Doc Mismatch]
references/patterns.md line 20 contains 'rm -rf /' as an example of a dangerous shell command pattern for the scanner to detect. It is not executed code.
rm -rf /
→ No action needed — this is a documented example pattern, not executed code.
Location: references/patterns.md:20

Severity: Low
Finding: Scanner uses base64 module import [Obfuscation]
scan.py imports base64 module (line 9) but does not use it to decode/execute code. It is imported for completeness in pattern matching and could be removed to reduce surface area.
import base64
→ Remove unused base64 import from scan.py to eliminate the appearance of base64 usage.
Location: scripts/scan.py:9

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | scan.py reads all skill files via Path.read_text()
Network | READ | READ | ✓ Aligned | SKILL.md documents curl to clawhub.ai; ARCHITECTURE.md uses same domain
Shell | NONE | NONE | | No shell execution in code; SKILL.md shows curl as example command for human ope…
Environment | NONE | NONE | | scan.py uses argparse for CLI args, not os.environ credential scanning
Skill Invoke | NONE | NONE | | No skill invocation chains found
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No database access

1 Critical 6 findings
Critical: Dangerous Command (dangerous shell command)
rm -rf /
references/patterns.md:20

Medium: External URL
https://clawhub.ai/api/v1/download?slug=SLUG
ARCHITECTURE.md:138

Medium: External URL
https://clawhub.ai/api/v1/download?slug=SKILL_NAME
SKILL.md:15

Medium: External URL
https://attacker.com/exfil
references/patterns.md:63

Medium: External URL
http://random-ip:8080/payload.py
references/patterns.md:64

Medium: External URL
https://attacker.com
references/patterns.md:159

File Tree

5 files · 30.2 KB · 900 lines
Markdown 3f · 667L Python 1f · 232L JSON 1f · 1L
├─ 📁 references
│ └─ 📝 patterns.md Markdown 219L · 4.6 KB
├─ 📁 scripts
│ └─ 🐍 scan.py Python 232L · 9.5 KB
├─ 📋 _meta.json JSON 1L · 133 B
├─ 📝 ARCHITECTURE.md Markdown 297L · 10.8 KB
└─ 📝 SKILL.md Markdown 151L · 5.1 KB

Security Positives

✓ Skill is a legitimate defensive tool (security scanner) with clear value
✓ SKILL.md clearly documents all network endpoints (clawhub.ai only)
✓ Skill explicitly warns AI reviewers about prompt injection before code review
✓ Hard rule declared: CRITICAL prompt_injection findings = automatic rejection
✓ Scanner is immune to prompt injection (regex-based, no LLM)
✓ Architecture doc transparently lists scanner limitations
✓ No shell=True, eval(), exec(), or dynamic code execution in scanner code
✓ All file operations scoped to skill directory being scanned
✓ No credential harvesting or environment variable iteration
✓ Skill self-describes as a vetting tool — behavior matches documentation