journal-submission-radar-all-types 安全扫描报告 — 可信 | ClawSafe

0 /100

journal-submission-radar-all-types

统一检索国内外多类型期刊，输出投稿路径核验、定制写作建议、风险提示与可控广告插入的客户顾问型 Skill

This is a legitimate journal submission advisory skill with no malicious behavior. The pre-scan IOC flagging `curl | bash` at SELF_CHECK.md:45 is a false positive — it is a checklist item *asserting the absence* of that pattern, not an instance of it.

技能名称journal-submission-radar-all-types

分析耗时56.5s

引擎pi

✓

可以安装

No action needed. The skill is safe to deploy. The SELF_CHECK.md security checklist item `- [x] 无 curl | bash` should be noted as a false-positive pattern by future IOC scanners.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	render_journal_dossier.py:94-96 — reads JSON resource files via Path.read_text()
文件系统	`NONE`	`WRITE`	✓ 一致	render_journal_dossier.py:107 — writes output to user-specified --output path; o…
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution anywhere in the codebase
网络访问	`NONE`	`NONE`	—	Script uses only Python standard library; no urllib, requests, or HTTP calls
环境变量	`NONE`	`NONE`	—	No os.environ access found
剪贴板	`NONE`	`NONE`	—	N/A
浏览器	`NONE`	`NONE`	—	N/A
数据库	`NONE`	`NONE`	—	N/A

1 严重 2 项发现

💀

严重危险命令危险 Shell 命令

curl | bash

SELF_CHECK.md:45

🔗

中危外部 URL 外部 URL

https://www.nppa.gov.cn/bsfw/cyjghcpcx/qkan/index.html

SKILL.md:5

目录结构

11 文件 · 39.7 KB · 1108 行

Markdown 7f · 599L JSON 3f · 308L Python 1f · 201L

├─ ▾ 📁 examples

│ ├─ 📋 example_input_all_types.json JSON 110L · 3.3 KB

│ └─ 📝 example_output_report.md Markdown 154L · 6.6 KB

├─ ▾ 📁 resources

│ ├─ 📋 ad_slots.json JSON 20L · 937 B

│ ├─ 📋 journal_type_matrix.json JSON 178L · 5.4 KB

│ ├─ 📝 source_trust_policy.md Markdown 22L · 798 B

│ └─ 📝 writing_playbooks.md Markdown 33L · 1.2 KB

├─ ▾ 📁 scripts

│ └─ 🐍 render_journal_dossier.py Python 201L · 8.3 KB

├─ ▾ 📁 tests

│ └─ 📝 smoke-test.md Markdown 18L · 465 B

├─ 📝 README.md Markdown 116L · 3.4 KB

├─ 📝 SELF_CHECK.md Markdown 67L · 2.3 KB

└─ 📝 SKILL.md Markdown 189L · 7.1 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`python3`	`>=3.9`	stdlib	否	Only standard library used; no external package dependencies

安全亮点

✓ Python script uses only standard library (argparse, json, sys, pathlib) — no third-party dependencies with supply chain risk

✓ No subprocess, os.system, shell execution, or network calls in any file

✓ No base64 encoding, obfuscation, or anti-analysis patterns

✓ No credential harvesting, sensitive file access, or environment variable iteration

✓ No hidden functionality — all behavior is declared in SKILL.md

✓ Ad content is transparently labeled as '服务推荐（广告）' and explicitly disclaimed as non-editorial

✓ SELF_CHECK.md includes explicit security checklist passing all checks

✓ Security boundaries clearly declared: no fake submissions, no fabricated metrics, no disguised ads

✓ Script has proper error handling and no TODO/placeholder code