安全决策报告
ai-intelligent-helpdesk
Skill provides only documentation with no actual implementation code; installation instructions reference a non-existent remote repository and nonexistent local files (requirements.txt, app.py), constituting doc-to-code mismatch and potential social engineering.
最直接的威胁证据
01
Skill is distributed as documentation-only package with no code delivery · SKILL.md
02
Installation instructions redirect user to clone unverified external repository delivery · SKILL.md
03
User blindly executes pip install and python app.py from an untrusted third-party repository, gaining full shell access to the environment 最终危害 · SKILL.md
为什么得出这个结论
1/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
通过
隐藏执行与外联
当前没有明显的高危外联或执行信号。
阻止
攻击链与高危发现
报告包含 3 步攻击链,另有 0 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
攻击链
01
Skill is distributed as documentation-only package with no code
delivery · SKILL.md:1
02
Installation instructions redirect user to clone unverified external repository
delivery · SKILL.md:31
03
User blindly executes pip install and python app.py from an untrusted third-party repository, gaining full shell access to the environment
最终危害 · SKILL.md:30
风险分是怎么被拉高的
Doc-to-code mismatch +20
SKILL.md describes a full FastAPI application with ticket management, smart dispatching, and knowledge base, but the package contains zero implementation files
Non-existent installation artifacts +15
SKILL.md references pip install -r requirements.txt and python app.py, but neither requirements.txt nor app.py exist in the package
Unverified remote repository +10
Install instruction clones https://github.com/openclaw-skills/ai-intelligent-helpdesk — an unverified external source with no code review possible
Obfuscated authorship +5
skill.json author field 'yang1002378395-cmyk' appears to be an auto-generated or obfuscated identifier with no verifiable identity
最关键的证据
中危 文档欺骗
No implementation code present
The package declares a FastAPI-based enterprise helpdesk system but contains only documentation files (SKILL.md, skill.json). No Python source files, no requirements.txt, no app.py — the entire implementation is absent. This makes independent security verification impossible.
SKILL.md:30 Request actual source code before any security assessment. Refuse to install from the remote repository without code review.
中危 文档欺骗
Installation points to unverified external repository
The install instructions direct users to `git clone https://github.com/openclaw-skills/ai-intelligent-helpdesk` — a third-party repository that has not been security reviewed. The user is expected to download and execute code from this external source blindly.
SKILL.md:31 Do not clone or execute code from this repository. Insist on a complete, self-contained package with all source code included in the skill bundle.
低危 文档欺骗
Package metadata mismatch
skill.json has 'author': 'yang1002378395-cmyk' (likely an auto-generated identifier) and 'description': 'AI intelligent ai-intelligent-helpdesk' which is a near-duplicate tautology, suggesting non-professional packaging. Combined with the missing code, this weakens trust in the skill's provenance.
skill.json:3 Verify the identity and reputation of the skill author before use.
声明能力 vs 实际能力
没有检测到能力矩阵。
可疑产物与外联
没有提取到明显 IOC。
依赖与供应链
没有结构化依赖告警。
文件构成
2 个文件 · 58 行
Markdown 1 个文件 · 51 行JSON 1 个文件 · 7 行
需关注文件 · 2
SKILL.md No implementation code present · Installation points to unverified external repository
skill.json Package metadata mismatch
安全亮点
No malicious code found — no code exists in this package at all
No sensitive file access observed (no filesystem code present)
No network exfiltration code present (no scripts to analyze)
No credential harvesting logic (no executable code)
No obfuscated payloads (base64, eval, or shell commands)
No supply chain risk via dependencies (no dependency files)