Low risk: risk score 20/100
Last scan: 18 hours ago
zhua-evolver
爪爪's dedicated self-evolution system: automatically analyzes capability gaps, searches for reinforcing skills, runs evolution loops, and records evolution logs.
This is a self-evaluation benchmarking skill for the '爪爪' AI agent with no malicious capabilities. Minor documentation discrepancies exist, but no security-impacting issues were found.
Skill name: zhua-evolver
Analysis time: 44.0s
Engine: pi
Verdict: safe to install
Approve for use. Documented scripts (search_skills.py, install_skills.py, log_evolution.py) should be implemented or removed from SKILL.md to eliminate documentation mismatch.

Security findings: 2

Finding 1 · Severity: Low · Location: SKILL.md:1
Documented capabilities not implemented (documentation deception)
SKILL.md declares a 'skillhub搜索' (skillhub search) capability, implying network:READ access, but no network code exists in any of the scripts. The skill is purely a local benchmarking tool.
Evidence (quoted from SKILL.md): 在skillhub搜索补强技能 ("search skillhub for reinforcing skills")
→ Either implement the skillhub search functionality or remove this claim from the documentation

Finding 2 · Severity: Low · Location: SKILL.md:25
Referenced scripts do not exist (documentation deception)
The SKILL.md workflow section references scripts that are not present in the package: search_skills.py, install_skills.py, log_evolution.py
Evidence (quoted from SKILL.md): python3 scripts/search_skills.py --keywords <关键词> --limit 10
→ Implement the missing scripts or update SKILL.md to reflect the scripts actually available
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | NONE | | No file operations found in any scripts
Network access | READ | NONE | ✗ Over-claimed | SKILL.md claims a skillhub searching capability but no network code exists in the scripts
Command execution | NONE | NONE | | No subprocess or shell execution found
Environment variables | NONE | NONE | | No os.environ access or credential harvesting
Clipboard | NONE | NONE | | No clipboard access found

Directory structure

10 files · 21.3 KB · 694 lines
Python 7 files · 561 lines | Markdown 2 files · 109 lines | Text 1 file · 24 lines
├─ 📁 assets
│ └─ 📄 example_asset.txt Text 24L · 865 B
├─ 📁 references
│ └─ 📝 api_reference.md Markdown 34L · 963 B
├─ 📁 scripts
│ ├─ 🐍 analyze_gap.py Python 59L · 2.0 KB
│ ├─ 🐍 check_hyper_top_final_v2.py Python 121L · 3.9 KB
│ ├─ 🐍 check_hyper_top_final.py Python 112L · 3.6 KB
│ ├─ 🐍 check_hyper_top_v2.py Python 100L · 2.8 KB
│ ├─ 🐍 define_hyper_top.py Python 91L · 2.8 KB
│ ├─ 🐍 example.py Python 19L · 583 B
│ └─ 🐍 orchestrate_minions.py Python 59L · 1.9 KB
└─ 📝 SKILL.md Markdown 75L · 2.0 KB

Security highlights

✓ No network access - all scripts are pure computation without network calls
✓ No credential harvesting - no environment variable access for secrets or API keys
✓ No file write operations - all scripts perform read-only computations
✓ No shell execution - pure Python scripts using argparse without subprocess
✓ No base64 obfuscation or encoded payloads
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ All dependencies are Python standard library only - no external package requirements
✓ No C2 communication or data exfiltration indicators
✓ No persistence mechanisms (cron, startup scripts, backdoors)
✓ No prompt injection attempts detected