中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:17 hr ago Rescan
20 /100
zhua-evolver
爪爪专属自我进化系统 —— 自动分析能力差距、搜索补强技能、执行进化循环、记录进化日志
This is a self-evaluation benchmarking skill for '爪爪' AI agent with no malicious capabilities. Minor documentation discrepancies exist but no security-impacting issues found.
Skill Namezhua-evolver
Duration44.0s
Enginepi
Safe to install
Approve for use. Documented scripts (search_skills.py, install_skills.py, log_evolution.py) should be implemented or removed from SKILL.md to eliminate documentation mismatch.

Findings 2 items

Severity Finding Location
Low
Documented capabilities not implemented Doc Mismatch
SKILL.md declares 'skillhub搜索' capability implying network:READ access, but no network code exists in any scripts. The skill is purely a local benchmarking tool.
在skillhub搜索补强技能
→ Either implement the skillhub search functionality or remove this claim from documentation
 SKILL.md:1
Low
Referenced scripts do not exist Doc Mismatch
SKILL.md workflow section references scripts that are not present: search_skills.py, install_skills.py, log_evolution.py
python3 scripts/search_skills.py --keywords <关键词> --limit 10
→ Implement missing scripts or update SKILL.md to reflect actual available scripts
 SKILL.md:25
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No file operations found in any scripts
Network READ NONE ✗ Violation SKILL.md claims skillhub searching capability but no network code exists in scri…
Shell NONE NONE No subprocess or shell execution found
Environment NONE NONE No os.environ access or credential harvesting
Clipboard NONE NONE No clipboard access found

File Tree

10 files · 21.3 KB · 694 lines
Python 7f · 561L Markdown 2f · 109L Text 1f · 24L
├─ 📁 assets
│ └─ 📄 example_asset.txt Text 24L · 865 B
├─ 📁 references
│ └─ 📝 api_reference.md Markdown 34L · 963 B
├─ 📁 scripts
│ ├─ 🐍 analyze_gap.py Python 59L · 2.0 KB
│ ├─ 🐍 check_hyper_top_final_v2.py Python 121L · 3.9 KB
│ ├─ 🐍 check_hyper_top_final.py Python 112L · 3.6 KB
│ ├─ 🐍 check_hyper_top_v2.py Python 100L · 2.8 KB
│ ├─ 🐍 define_hyper_top.py Python 91L · 2.8 KB
│ ├─ 🐍 example.py Python 19L · 583 B
│ └─ 🐍 orchestrate_minions.py Python 59L · 1.9 KB
└─ 📝 SKILL.md Markdown 75L · 2.0 KB

Security Positives

✓ No network access - all scripts are pure computation without network calls
✓ No credential harvesting - no environment variable access for secrets or API keys
✓ No file write operations - all scripts perform read-only computations
✓ No shell execution - pure Python scripts using argparse without subprocess
✓ No base64 obfuscation or encoded payloads
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ All dependencies are Python standard library only - no external package requirements
✓ No C2 communication or data exfiltration indicators
✓ No persistence mechanisms (cron, startup scripts, backdoors)
✓ No prompt injection attempts detected