Low risk: risk score 25/100
Last scan: 20 hours ago
MeiHuaYi (梅花易数)
Traditional Chinese I Ching divination system with plum blossom numerology calculations
Legitimate divination system with undeclared network access for data download and undocumented filesystem WRITE permissions - no malicious behavior detected.
Skill name: MeiHuaYi (梅花易数)
Analysis time: 39.4s
Engine: pi
Verdict: safe to install
Recommendation: Add network:READ and filesystem:WRITE declarations to SKILL.md. Pin the iching.json source URL to a specific commit (not the master branch) and verify the downloaded file against a recorded hash to remove the supply-chain exposure.

Security findings (3)

Severity | Finding | Category | Location
---------|---------|----------|---------
Medium | Undeclared network access for data download | Documentation deception | meihuayi.py:25
Low | External data dependency without version pinning | Supply chain | meihuayi.py:23
Low | Undocumented filesystem WRITE permissions | Documentation deception | records.py:17

1. Medium: Undeclared network access for data download (documentation deception), meihuayi.py:25
   meihuayi.py automatically downloads iching.json from GitHub (john-walks-slow/open-iching) on first run. This network READ operation is not declared in the SKILL.md capabilities, so a user reading SKILL.md would not expect the skill to reach the network at all.
   Evidence: urllib.request.urlretrieve(_ICHING_URL, _ICHING_PATH)
   Recommendation: Declare the network:READ capability if this behavior is intentional and necessary for the skill's core divination functionality; otherwise remove the download.

2. Low: External data dependency without version pinning (supply chain), meihuayi.py:23
   iching.json is fetched from the mutable master branch of the upstream repository with no commit pinning and no integrity check (urlretrieve writes whatever it receives straight to disk). Any change on that branch, whether a legitimate update, a force-push, or a compromised upstream account, is picked up silently by the next first-run download and becomes the I Ching data the skill reasons over. HTTPS protects the transport, not the content.
   Evidence: _ICHING_URL = "https://raw.githubusercontent.com/john-walks-slow/open-iching/master/iching/iching.json"
   Recommendation: Pin the URL to a specific commit hash and verify a recorded SHA-256 before the file is written, or include iching.json directly in the skill package to eliminate the external dependency. Note that data/iching.json is already shipped in the package (see the directory structure below), so dropping the download path entirely is the simplest fix.

3. Low: Undocumented filesystem WRITE permissions (documentation deception), records.py:17
   The skill creates data directories and SQLite databases (divination_records.db, learning_notes.db) in the data/ folder. This WRITE behavior is not declared in SKILL.md.
   Evidence: os.makedirs(_DATA_DIR); sqlite3.connect(_DB_PATH)
   Recommendation: Declare the filesystem:WRITE capability for SQLite database operations in the data/ directory.
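The fix recommended for finding 2, written out as an added example (this is not code from the MeiHuaYi skill or from the open-iching repository). It replaces the branch-pinned `urlretrieve` with a commit-pinned fetch that checks a recorded SHA-256 before anything lands at the destination path. The commit hash and digest are placeholders (assumptions): in a real deployment you record the digest of the file at the pinned commit when the skill is packaged. The `fetch` parameter lets the network call be swapped out, which also makes the check testable offline.

```python
"""Commit-pinned, hash-verified download of a data file (added example)."""
import hashlib
import os
import tempfile
import urllib.request
from typing import Callable, Optional

# Hypothetical pin: a full 40-hex commit SHA instead of the mutable "master" ref.
PINNED_COMMIT = "0000000000000000000000000000000000000000"  # placeholder, not a real commit
PINNED_URL = (
    "https://raw.githubusercontent.com/john-walks-slow/open-iching/"
    f"{PINNED_COMMIT}/iching/iching.json"
)
# Placeholder digest; in practice compute it once from the pinned file (sha256sum).
EXPECTED_SHA256 = "0" * 64


class IntegrityError(RuntimeError):
    """Raised when the downloaded bytes do not match the recorded digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def default_fetch(url: str, timeout: float = 30.0) -> bytes:
    """Real network fetch; only used when no fetch callable is injected."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def fetch_pinned(
    dest_path: str,
    url: str = PINNED_URL,
    expected_sha256: str = EXPECTED_SHA256,
    fetch: Optional[Callable[[str], bytes]] = None,
    max_bytes: int = 5 * 1024 * 1024,
) -> str:
    """Download url, verify its SHA-256, then atomically place it at dest_path.

    Unlike urllib.request.urlretrieve(), nothing is written to dest_path until
    the digest has been checked, so a tampered or truncated download is never
    left where the skill would later load it. Returns the verified digest.
    """
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS source")
    if "/master/" in url or "/main/" in url:
        raise ValueError("source must be pinned to a commit, not a branch name")

    data = (fetch or default_fetch)(url)
    if len(data) > max_bytes:
        raise IntegrityError(f"payload too large: {len(data)} bytes")

    actual = sha256_hex(data)
    if actual != expected_sha256:
        raise IntegrityError(f"sha256 mismatch: expected {expected_sha256}, got {actual}")

    # Write to a temp file in the same directory, then rename: readers see either
    # the old file or the complete verified file, never a partial one.
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    os.makedirs(dest_dir, exist_ok=True)
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".iching.", suffix=".part")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp_path, dest_path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return actual
```

The branch-name check is deliberately crude (a substring match on `/master/` and `/main/`); its purpose is to fail loudly if someone re-introduces the mutable URL, not to validate Git refs in general.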
Resource | Declared | Inferred | Status | Evidence
---------|----------|----------|--------|---------
Filesystem | NONE | WRITE | ✗ exceeds declaration | meihuayi.py:28-30 - os.makedirs(_DATA_DIR)
Network | NONE | READ | ✗ exceeds declaration | meihuayi.py:25 - urllib.request.urlretrieve from raw.githubusercontent.com
Command execution | NONE | NONE | | No subprocess or shell commands found
Environment variables | NONE | NONE | | No os.environ access for sensitive keys
Skill invocation | NONE | NONE | | No inter-skill invocations
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | WRITE | ✗ exceeds declaration | records.py:17-18 - sqlite3.connect creates local DB in data/
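How a declared-versus-inferred table like the one above can be produced, as an added example. This is not the scanner's own implementation (the rules of the "pi" engine are not published on this page); the call-to-capability mapping is an assumption chosen to cover the evidence cited in the report, and the sample source is constructed to resemble the quoted snippets rather than copied from the skill. The inference walks the AST, resolves `import` aliases so `from urllib.request import urlretrieve as ur` is still attributed to the network rule, and records file:line evidence per capability.

```python
"""Static capability inference over Python source with ast (added example)."""
import ast
from typing import Dict, List, Set, Tuple

# Assumed mapping from fully-qualified call names to (resource, access level).
CAPABILITY_RULES = {
    "urllib.request.urlretrieve": ("network", "READ"),
    "urllib.request.urlopen": ("network", "READ"),
    "requests.get": ("network", "READ"),
    "requests.post": ("network", "WRITE"),
    "os.makedirs": ("filesystem", "WRITE"),
    "os.mkdir": ("filesystem", "WRITE"),
    "sqlite3.connect": ("database", "WRITE"),
    "subprocess.run": ("command", "EXEC"),
    "subprocess.Popen": ("command", "EXEC"),
    "os.system": ("command", "EXEC"),
}
LEVEL_RANK = {"NONE": 0, "READ": 1, "WRITE": 2, "EXEC": 3}
RESOURCES = ["filesystem", "network", "command", "database"]


def dotted_name(node: ast.AST) -> str:
    """Turn the callee of `a.b.c(...)` into 'a.b.c'; '' for non-name callees."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def import_aliases(tree: ast.Module) -> Dict[str, str]:
    """Map each locally bound import name to the module path it refers to."""
    aliases: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:
                    aliases[a.asname] = a.name          # import sqlite3 as sq
                else:
                    top = a.name.split(".")[0]           # import urllib.request binds `urllib`
                    aliases[top] = top
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def infer_capabilities(source: str, filename: str = "<skill>") -> Dict[str, Dict[str, Set[str]]]:
    """Return {resource: {level: {evidence, ...}}} for every call matching a rule."""
    tree = ast.parse(source, filename)
    aliases = import_aliases(tree)
    found: Dict[str, Dict[str, Set[str]]] = {}
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if not name:
            continue
        root, _, rest = name.partition(".")
        full = aliases.get(root, root) + ("." + rest if rest else "")
        rule = CAPABILITY_RULES.get(full)
        if rule is None:
            continue
        resource, level = rule
        found.setdefault(resource, {}).setdefault(level, set()).add(
            f"{filename}:{node.lineno} - {full}")
    return found


def permission_table(declared: Dict[str, str],
                     inferred: Dict[str, Dict[str, Set[str]]]) -> List[Tuple]:
    """Rows of (resource, declared, inferred, status, evidence) like the scan report."""
    rows = []
    for resource in RESOURCES:
        decl = declared.get(resource, "NONE")
        levels = inferred.get(resource, {})
        top = max(levels, key=LEVEL_RANK.get, default="NONE")
        status = "exceeds declaration" if LEVEL_RANK[top] > LEVEL_RANK[decl] else "ok"
        evidence = sorted(levels.get(top, ())) if top != "NONE" else []
        rows.append((resource, decl, top, status, evidence))
    return rows


# Constructed sample resembling the snippets quoted in the report (not the skill's code).
SAMPLE_SOURCE = '''\
import os
import sqlite3
import urllib.request

_ICHING_URL = "https://raw.githubusercontent.com/john-walks-slow/open-iching/master/iching/iching.json"
_DATA_DIR = "data"
_ICHING_PATH = os.path.join(_DATA_DIR, "iching.json")

def ensure_data():
    if not os.path.exists(_DATA_DIR):
        os.makedirs(_DATA_DIR)
    if not os.path.exists(_ICHING_PATH):
        urllib.request.urlretrieve(_ICHING_URL, _ICHING_PATH)
    return sqlite3.connect(os.path.join(_DATA_DIR, "divination_records.db"))
'''

if __name__ == "__main__":
    for row in permission_table({}, infer_capabilities(SAMPLE_SOURCE, "sample.py")):
        print(row)
```

This is pure syntactic matching with no data flow, so calls reached through `getattr`, `eval`, `exec` or `importlib` are invisible to it. That is exactly why the "no obfuscation" and "no eval patterns" highlights at the bottom of this report matter: a table like this is only as trustworthy as the absence of those dynamic paths in the scanned code.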

Directory structure

8 files · 140.5 KB · 5716 lines
JSON: 1 file · 3597 lines | Markdown: 4 files · 1134 lines | Python: 3 files · 985 lines
├─ 📁 data
│ ├─ 📋 iching.json JSON 3597L · 69.4 KB
│ ├─ 📝 万物类象.md Markdown 216L · 6.8 KB
│ ├─ 📝 三要十应.md Markdown 172L · 4.1 KB
│ └─ 📝 解卦技巧.md Markdown 212L · 8.4 KB
├─ 🐍 learning_notes.py Python 170L · 6.2 KB
├─ 🐍 meihuayi.py Python 393L · 17.5 KB
├─ 🐍 records.py Python 422L · 13.6 KB
└─ 📝 SKILL.md Markdown 534L · 14.5 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
--------|---------|--------|-----------------------|------
iching.json | master (unpinned) | https://raw.githubusercontent.com/john-walks-slow/open-iching/master/iching/iching.json | | External JSON data fetched via urllib without version/commit pinning or integrity check

Security highlights

✓ No credential harvesting - skill does not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No data exfiltration - no network POST requests or external data transmission
✓ No shell execution - no subprocess, os.system, or command injection vectors
✓ No obfuscation - all code is readable Python without base64 or eval patterns
✓ No persistence mechanisms - no cron jobs, startup scripts, or backdoor installations
✓ No prompt injection - SKILL.md contains legitimate documentation without hidden instructions
✓ SQLite databases are stored locally in data/ directory, not sent externally