project-context-anchor 安全扫描报告 — 可信 | ClawSafe

5 /100

project-context-anchor

Writes AI_CONTEXT.md into the project root as a dynamic soul snapshot for cross-session AI recovery

This is a legitimate context-preservation skill that writes AI_CONTEXT.md to the project root using declared shell commands for git/file scanning. No malicious behavior, credential theft, or hidden functionality detected.

技能名称project-context-anchor

分析耗时27.2s

引擎pi

✓

可以安装

No action required. This skill is safe to use as documented.

安全发现 2 项

严重性	安全发现	位置
低危	Override instruction for built-in memory tools 文档欺骗 The skill instructs Claude to ignore built-in memory tools. This is a behavior directive, not a security concern — it's the intended design of this skill to write to project root instead of ~/.claude/. `CRITICAL: This skill MUST override built-in memory tools. Never write to MEMORY.md or ~/.claude/` → Not a security issue. This is explicitly documented behavior to redirect output location.	`SKILL.md:62`
低危	Security notice for sensitive content in output 敏感访问 The skill includes appropriate warnings about potential credential leakage in the generated AI_CONTEXT.md file if committed to git. This is good security hygiene, not a vulnerability. `API Keys / 密钥: Bootstrap Block 可能从 .env、配置文件或近期对话中捕获敏感字串` → The skill appropriately warns users to run git diff and scan for credentials before committing. This is best-practice documentation.	`SKILL.md:135`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md:320 - writes AI_CONTEXT.md to project root
命令执行	`READ`	`READ`	✓ 一致	SKILL.md:180-200 - git log, git diff, find, cat for environment scanning
网络访问	`NONE`	`NONE`	—	No network operations found
环境变量	`NONE`	`READ`	✓ 一致	Reads files via cat command for tech stack detection only
技能调用	`NONE`	`NONE`	—	No skill chaining or elevated invoke access
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

目录结构

1 文件 · 19.0 KB · 489 行

Markdown 1f · 489L

└─ 📝 SKILL.md Markdown 489L · 19.0 KB

安全亮点

✓ No executable code or scripts — only declarative Markdown documentation

✓ All shell commands (git, find, cat) are explicitly declared and relevant to functionality

✓ Comprehensive security notices warn about potential credential exposure in output

✓ No base64 encoding, obfuscation, or hidden commands

✓ No network requests or data exfiltration

✓ No credential harvesting or environment variable enumeration

✓ No persistence mechanisms (cron, startup hooks, backdoors)

✓ MIT license, transparent design