python-auto-dev 安全扫描报告 — 低风险 | ClawSafe

15 /100

python-auto-dev

Automated Python code generation, testing, debugging, and optimization with integrated conda environment management

A straightforward Windows-centric Python dev-automation skill with no malicious behavior, though it has minor documentation gaps regarding shell:WRITE permission and cross-platform applicability.

技能名称python-auto-dev

分析耗时47.3s

引擎pi

✓

可以安装

Approve for use. No malicious behavior detected. Consider documenting the subprocess/shell:WRITE capability and noting the Windows-only hard-coded paths in SKILL.md for clarity.

安全发现 3 项

严重性	安全发现	位置
低危	Shell execution not declared in allowed-tools 文档欺骗 SKILL.md lists allowed-tools as Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE. However, the implementation uses Python subprocess.run() for conda activation and linting tools, which is a form of shell execution not explicitly documented. The SKILL.md maps Bash to shell:WRITE but doesn't mention that scripts internally invoke subprocess. `allowed-tools mapping: Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE` → Update SKILL.md to document that scripts use subprocess.run for conda environment activation and linting tool execution, which implies shell:WRITE permission internally.	`SKILL.md:1`
低危	Hard-coded Windows-specific paths reduce cross-platform safety 权限提升 All five scripts hard-code C:\anaconda3 and H:\code\Daily as absolute Windows paths. This makes the skill non-functional on non-Windows systems and could cause unexpected file writes if paths are redirected. `DEFAULT_CONDA_PATH = r"C:\anaconda3\condabin\conda.bat"` → Consider making paths configurable via environment variables or command-line arguments. The SKILL.md already notes 'modify scripts if path changes' but this should be a structured config.	`scripts/run_tests.py:17`
提示	AST parsing of arbitrary user code 文档欺骗 create_tests.py uses ast.parse() on any Python file path provided by the caller. A malicious upstream agent could provide a crafted file that triggers high CPU/memory via complex AST. This is a DoS vector, not data theft. `tree = ast.parse(content)` → Add a file size limit or timeout on AST parsing. This is a minor concern since the agent calling this skill controls the input.	`scripts/create_tests.py:44`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✓ 一致	scripts/generate_code.py:95 — writes generated Python files to disk; scripts/cre…
命令执行	`NONE`	`WRITE`	✓ 一致	scripts/run_tests.py:51-55 — subprocess.run(['cmd.exe','/c',full_cmd]); scripts/…
网络访问	`NONE`	`NONE`	—	No network requests found in any script
环境变量	`NONE`	`READ`	✓ 一致	os.environ.copy() in run_tests.py:56 and optimize_code.py:45 — only copies env f…
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access
技能调用	`NONE`	`NONE`	—	No cross-skill invocation

目录结构

7 文件 · 46.1 KB · 1344 行

Python 5f · 1079L Markdown 2f · 265L

├─ ▾ 📁 references

│ └─ 📝 script-usage.md Markdown 172L · 5.0 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 create_tests.py Python 219L · 7.9 KB

│ ├─ 🐍 debug_code.py Python 265L · 10.8 KB

│ ├─ 🐍 generate_code.py Python 138L · 3.7 KB

│ ├─ 🐍 optimize_code.py Python 320L · 10.8 KB

│ └─ 🐍 run_tests.py Python 137L · 4.5 KB

└─ 📝 SKILL.md Markdown 93L · 3.5 KB

安全亮点

✓ No network requests or external communications found in any script

✓ No credential harvesting, environment variable iteration, or sensitive file access

✓ No base64 encoding, obfuscation, or anti-analysis patterns

✓ No remote script execution (curl|bash, wget|sh patterns)

✓ No hidden functionality — all scripts are straightforward development automation

✓ Subprocess commands are constructed with absolute paths and controlled arguments, not shell-injected strings

✓ No data exfiltration or C2 communication

✓ No persistence mechanisms (cron, startup hooks, registry writes)

✓ No supply chain risks — no external dependencies declared or used