Low Risk — Risk Score 25/100
Last scan: 23 hr ago
auto-hook
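Checks whether the specified SKILL has problems such as cutting corners, skipping steps, or simplified execution, and ensures that a self-audit hook is appended to the end of that SKILL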
This is a self-audit hook injection/removal tool for AI agent skills. Filesystem WRITE access is declared and documented; no hidden functionality, credential theft, obfuscation, or network exfiltration observed.
Skill Name: auto-hook
Duration: 43.1s
Engine: pi
Safe to install
Approve for use. The filesystem WRITE permission is necessary for the hook injection feature. Monitor hook.md content uploads to prevent potential prompt injection via malicious hook content.

Findings 2 items

Severity: Low
Finding: Self-referential path in hook.md (Doc Mismatch)
hook.md contains hardcoded path './skills/autohook/hook.md' which creates a dependency on external hook content. If this path is compromised or contains malicious instructions, it could affect audit behavior.
1. Read file: ./skills/autohook/hook.md
→ Verify hook.md integrity before use. Consider embedding hook content directly if security is paramount.
Location: hook.md:42

Severity: Medium
Finding: Hook injection could enable downstream prompt injection (Priv Escalation)
The skill-audit-hook.txt content is appended to target SKILL.md files. If an attacker can upload malicious hook content, they could inject instructions that execute within other skills' contexts.
skill-audit-hook.txt content is read and appended verbatim
→ Validate and sanitize skill-audit-hook.txt content before injection. Consider signing/verifying hook content integrity.
Location: skill-audit-hook.txt:1

| Resource | Declared | Inferred | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md Step 1: find / grep commands for locating files |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md Step 3b: cp, python open() with 'a' mode for hook injection |
| Shell | READ | READ | ✓ Aligned | SKILL.md Step 3b: bash commands for file operations |
| Network | NONE | NONE | | No network calls found in SKILL.md or hook.md |
| Environment | NONE | NONE | | No os.environ iteration or env var access |
| Credential | NONE | NONE | | No credential harvesting patterns found |
| Browser | NONE | NONE | | No browser access |
| Database | NONE | NONE | | No database access |

File Tree

3 files · 14.0 KB · 379 lines
Markdown 2f · 369L Text 1f · 10L
├─ 📝 hook.md Markdown 49L · 2.4 KB
├─ 📄 skill-audit-hook.txt Text 10L · 451 B
└─ 📝 SKILL.md Markdown 320L · 11.1 KB

Security Positives

✓ All filesystem operations are documented in SKILL.md
✓ No credential harvesting or environment variable scanning
✓ No network exfiltration or C2 communication
✓ No obfuscation (base64, eval, atob patterns)
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ Hook mechanism is auditable and reversible
✓ Step 2 explicitly requires reading from skill-audit-hook.txt - no hidden default content