Trusted (risk score 5/100)
Last scanned: 1 day ago
soul-architect
Creates STYLE_MANIFESTO persona source code for content-engine
Legitimate persona synthesis tool with no malicious indicators - only creates local documentation files using standard library Python.
Skill name: soul-architect
Analysis time: 27.9s
Engine: pi
OK to install
No action required. This skill is safe to use.

Security findings: 1

| Severity | Finding | Location |
|---|---|---|
| Low | Missing allowed-tools declaration (category: Documentation deception) | SKILL.md:1 |

SKILL.md does not explicitly declare allowed-tools. While the script only uses filesystem:WRITE for scoped persona directory creation, explicit declaration is a security best practice.
No allowed-tools section present
→ Add explicit allowed-tools section: filesystem:WRITE, skill_invoke:NONE
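| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Consistent | scripts/synthesize.py:27 - creates personas/{name}/ directory and STYLE_MANIFEST… |
| Command execution | NONE | NONE | | No subprocess or shell execution found |
| Network access | NONE | NONE | | No network requests in code |
| Environment variables | NONE | NONE | | No os.environ access except standard argparse |
| Credentials | NONE | NONE | | No credential access |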

Directory structure

3 files · 8.5 KB · 239 lines
Markdown 1f · 141L Python 1f · 65L Ignore 1f · 33L
├─ 📁 scripts
│ └─ 🐍 synthesize.py Python 65L · 2.1 KB
├─ 📄 .gitignore Ignore 33L · 284 B
└─ 📝 SKILL.md Markdown 141L · 6.1 KB

Security highlights

✓ Uses only Python standard library (os, argparse, pathlib) - no third-party dependencies
✓ File writes are scoped to personas/{name}/ directory only - no broad filesystem access
✓ No network calls or external communications
✓ No credential harvesting or environment variable abuse
✓ No obfuscation, base64 encoding, or eval() usage
✓ No shell command execution
✓ Logic is straightforward and auditable