This report was generated in Chinese. Some content may be in Chinese.
Trusted — Risk Score 5/100
Last scan: 2 hr ago
SX-security-audit
Comprehensive security audit skill that checks file permissions, environment variables, dependency vulnerabilities, configuration files, network ports, Git security, shell security, macOS security, secret detection, and more.
This is a legitimate security audit tool. The code fully matches its documentation, all functionality consists of the declared, legitimate security-check operations, and the API keys found by the pre-scan are example data from the reference documentation, not real leaks.
Skill Name: SX-security-audit
Duration: 34.7s
Engine: pi
ClawHub sx-security-audit v1.0.0 by zhuxiaobao-y
📥 209 📦 1
ClawHub Verdict: Suspicious (dynamic_code_execution)
Safe to install
This skill is safe to use. The hard-coded secrets flagged by the pre-scan are all located in the references/secrets-detection.md reference document, where they serve as detection-rule examples (marked as examples), not as real leaked credentials.
Resource     | Declared | Inferred | Status    | Evidence
Filesystem   | READ     | READ     | ✓ Aligned | security_audit.py:89-95 checks sensitive file permissions
Environment  | READ     | READ     | ✓ Aligned | security_audit.py:280-310 scans environment variables
Shell        | WRITE    | WRITE    | ✓ Aligned | security_audit.py:360 runs system commands such as npm audit and lsof
Network      | WRITE    | WRITE    | ✓ Aligned | send_report_to_feishu.py:80 sends a webhook using urllib
Skill Invoke | READ     | READ     | ✓ Aligned | security_audit.py:180-220 inspects the skills directory
12 findings: 3 Critical, 1 High
Critical | API Key | Hard-coded API key | AKIAIOSFODNN7EXAMPLE | references/secrets-detection.md:11
Critical | API Key | Hard-coded API key | ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | references/secrets-detection.md:12
Critical | API Key | Hard-coded API key | xoxb-123-456 | references/secrets-detection.md:14
High | API Key | Suspected hard-coded credential | API_KEY = "your-api-key-here" | references/secrets-detection.md:109
Medium | External URL | External URL | https://api.example.com | references/code-security.md:315
Medium | External URL | External URL | https://owasp.org/www-project-top-ten/ | references/code-security.md:326
Medium | External URL | External URL | https://cwe.mitre.org/top25/ | references/code-security.md:327
Medium | External URL | External URL | https://www.sans.org/top25-software-errors/ | references/code-security.md:328
Medium | External URL | External URL | https://nodejs.org/en/docs/guides/security | references/code-security.md:329
Medium | External URL | External URL | https://python.readthedocs.io/en/latest/security/index.html | references/code-security.md:330
Medium | External URL | External URL | https://npm.example.com | references/dependency-audit.md:164
Medium | External URL | External URL | https://cve.mitre.org/ | references/dependency-audit.md:212

File Tree

7 files · 85.0 KB · 2794 lines
Python: 2 files, 1777 lines · Markdown: 5 files, 1017 lines
├─ 📁 references
│ ├─ 📝 code-security.md Markdown 341L · 7.7 KB
│ ├─ 📝 dependency-audit.md Markdown 254L · 4.9 KB
│ ├─ 📝 permissions.md Markdown 48L · 1.5 KB
│ └─ 🔑 secrets-detection.md Markdown 188L · 4.6 KB
├─ 📁 scripts
│ ├─ 🐍 security_audit.py Python 1335L · 47.6 KB
│ └─ 🐍 send_report_to_feishu.py Python 442L · 13.3 KB
└─ 📝 SKILL.md Markdown 186L · 5.5 KB

Security Positives

✓ Code functionality fully matches the SKILL.md documentation; no shadow functionality
✓ Uses subprocess to run standard security tools such as npm audit and lsof, not custom malicious commands
✓ Feishu webhook delivery uses the standard urllib library; no covert exfiltration channel
✓ All pre-scan IOCs are example data from the reference documents (marked as examples, e.g. your-api-key-here)
✓ Clear code structure with complete error handling
✓ Uses a decorator pattern to register check modules, which makes audit tracing straightforward