中文 EN

Scan Report

Scan New Files

High Risk — Risk Score 65/100
Last scan:18 hr ago Rescan
65 /100
ai-intelligent-asset-management
IT 资产管理,硬件/软件全生命周期 (claimed) / AI intelligent ai-intelligent-asset-management (skill.json)
Skill presents itself as a functional IT asset management system but contains zero executable code, creating a deceptive facade with suspicious embedded metadata.
Skill Nameai-intelligent-asset-management
Duration29.1s
Enginepi
Do not install this skill
Do not deploy this skill. The absence of any code files despite claiming installation requirements (pip install, python app.py) indicates either an abandoned project or a deceptive placeholder. The embedded YAML metadata is non-standard.

Attack Chain 3 steps

Escalation Skill presents as legitimate IT asset management tool with professional pricing tiers
SKILL.md:1
Escalation Installation instructions reference non-existent requirements.txt and app.py
SKILL.md:27
Escalation No code files exist - skill is purely documentation with no verifiable functionality
SKILL.md:1

Findings 3 items

Severity Finding Location
High
Documentation claims executable application with no code Doc Mismatch
SKILL.md installation section instructs users to 'pip install -r requirements.txt' and 'python app.py', but neither requirements.txt nor app.py (or any code file) exists in the repository. This is either an abandoned project or a deceptive placeholder.
pip install -r requirements.txt
python app.py
→ Verify if this is a legitimate placeholder or if code was intentionally omitted. Report to platform if this is a scam.
 SKILL.md:27
High
Embedded YAML metadata in SKILL.md Doc Mismatch
SKILL.md contains YAML frontmatter (lines 1-9) with openclaw metadata including 'requires: { bins: [] }'. This non-standard documentation structure is unusual and may contain hidden configurations.
---
name: ai-intelligent-asset-management
version: 1.0.0
metadata:
  openclaw:
    emoji: "🤖"
    requires:
      bins: []
---
→ Review why metadata is embedded in SKILL.md instead of skill.json. Verify the 'bins' requirement array is intentionally empty.
 SKILL.md:1
Medium
Description mismatch between SKILL.md and skill.json Doc Mismatch
SKILL.md describes 'IT 资产管理,硬件/软件全生命周期' while skill.json has generic 'AI intelligent ai-intelligent-asset-management'. The inconsistency suggests hasty or deceptive creation.
"description": "AI intelligent ai-intelligent-asset-management"
→ Ensure skill metadata is consistent across all documentation files.
 skill.json:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No code files present to infer capabilities
Network NONE NONE No code files present to infer capabilities
Shell NONE NONE No code files present to infer capabilities

File Tree

2 files · 1.2 KB · 58 lines
Markdown 1f · 51L JSON 1f · 7L
├─ 📋 skill.json JSON 7L · 219 B
└─ 📝 SKILL.md Markdown 51L · 1019 B

Security Positives

✓ No malicious code files detected (there are no code files at all)
✓ No network exfiltration patterns found
✓ No credential harvesting code present
✓ No reverse shell or C2 infrastructure indicators