Trusted: risk score 5/100
Last scanned: 1 day ago
skill-vetting
Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing whether a skill adds value over existing tools.
skill-vetting is a legitimate security-scanning tool that detects malicious patterns in other skills; all suspicious patterns are either documented examples, the scanner's own detection logic, or external URLs to ClawHub infrastructure.
Skill name: skill-vetting
Analysis time: 46.1s
Engine: pi
OK to install
Approve for installation. This skill adds genuine defensive value over existing tools.

Security findings: 3

Severity | Finding | Location
Info
Example malicious URLs in pattern reference doc [Documentation deception]
references/patterns.md lines 63-64 and 159 contain example attacker URLs (attacker.com, random-ip:8080) and IP addresses as pattern examples. These are documented placeholders within a reference database, not live IOCs being accessed by the skill code.
https://attacker.com/exfil
→ No action needed — these are intentional example patterns in a reference doc, not live threats.
references/patterns.md:63
Info
Example destructive shell command in pattern reference [Documentation deception]
references/patterns.md line 20 contains 'rm -rf /' as an example of a dangerous shell command pattern for the scanner to detect. It is not executed code.
rm -rf /
→ No action needed — this is a documented example pattern, not executed code.
references/patterns.md:20
Low
Scanner uses base64 module import [Code obfuscation]
scan.py imports base64 module (line 9) but does not use it to decode/execute code. It is imported for completeness in pattern matching and could be removed to reduce surface area.
import base64
→ Remove unused base64 import from scan.py to eliminate the appearance of base64 usage.
scripts/scan.py:9
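| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | scan.py reads all skill files via Path.read_text() |
| Network access | READ | READ | ✓ Consistent | SKILL.md documents curl to clawhub.ai; ARCHITECTURE.md uses same domain |
| Command execution | NONE | NONE | | No shell execution in code; SKILL.md shows curl as example command for human ope… |
| Environment variables | NONE | NONE | | scan.py uses argparse for CLI args, not os.environ credential scanning |
| Skill invocation | NONE | NONE | | No skill invocation chains found |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |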
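1 critical, 6 findings

| Severity | Category | Pattern | Matched text | Location |
|---|---|---|---|---|
| Critical | Dangerous command | Dangerous shell command | rm -rf / | references/patterns.md:20 |
| Medium | External URL | External URL | https://clawhub.ai/api/v1/download?slug=SLUG | ARCHITECTURE.md:138 |
| Medium | External URL | External URL | https://clawhub.ai/api/v1/download?slug=SKILL_NAME | SKILL.md:15 |
| Medium | External URL | External URL | https://attacker.com/exfil | references/patterns.md:63 |
| Medium | External URL | External URL | http://random-ip:8080/payload.py | references/patterns.md:64 |
| Medium | External URL | External URL | https://attacker.com | references/patterns.md:159 |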

Directory structure

5 files · 30.2 KB · 900 lines
Markdown: 3 files, 667 lines · Python: 1 file, 232 lines · JSON: 1 file, 1 line
├─ 📁 references
│ └─ 📝 patterns.md Markdown 219L · 4.6 KB
├─ 📁 scripts
│ └─ 🐍 scan.py Python 232L · 9.5 KB
├─ 📋 _meta.json JSON 1L · 133 B
├─ 📝 ARCHITECTURE.md Markdown 297L · 10.8 KB
└─ 📝 SKILL.md Markdown 151L · 5.1 KB

Security highlights

✓ Skill is a legitimate defensive tool (security scanner) with clear value
✓ SKILL.md clearly documents all network endpoints (clawhub.ai only)
✓ Skill explicitly warns AI reviewers about prompt injection before code review
✓ Hard rule declared: CRITICAL prompt_injection findings = automatic rejection
✓ Scanner is immune to prompt injection (regex-based, no LLM)
✓ Architecture doc transparently lists scanner limitations
✓ No shell=True, eval(), exec(), or dynamic code execution in scanner code
✓ All file operations scoped to skill directory being scanned
✓ No credential harvesting or environment variable iteration
✓ Skill self-describes as a vetting tool — behavior matches documentation