中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 25/100
上次扫描:22 小时前 重新扫描
25 /100
auto-hook
检查指定 SKILL 是否存在偷懒、跳步、简化执行等问题,并确保该 SKILL 末尾附有自审计钩子
This is a self-audit hook injection/removal tool for AI agent skills. Filesystem WRITE access is declared and documented; no hidden functionality, credential theft, obfuscation, or network exfiltration observed.
技能名称auto-hook
分析耗时43.1s
引擎pi
可以安装
Approve for use. The filesystem WRITE permission is necessary for the hook injection feature. Monitor hook.md content uploads to prevent potential prompt injection via malicious hook content.

安全发现 2 项

严重性 安全发现 位置
低危
Self-referential path in hook.md 文档欺骗
hook.md contains hardcoded path './skills/autohook/hook.md' which creates a dependency on external hook content. If this path is compromised or contains malicious instructions, it could affect audit behavior.
1. 读取文件:./skills/autohook/hook.md
→ Verify hook.md integrity before use. Consider embedding hook content directly if security is paramount.
 hook.md:42
中危
Hook injection could enable downstream prompt injection 权限提升
The skill-audit-hook.txt content is appended to target SKILL.md files. If an attacker can upload malicious hook content, they could inject instructions that execute within other skills' contexts.
skill-audit-hook.txt content is read and appended verbatim
→ Validate and sanitize skill-audit-hook.txt content before injection. Consider signing/verifying hook content integrity.
 skill-audit-hook.txt:1
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md Step 1: find / grep commands for locating files
文件系统 WRITE WRITE ✓ 一致 SKILL.md Step 3b: cp, python open() with 'a' mode for hook injection
命令执行 READ READ ✓ 一致 SKILL.md Step 3b: bash commands for file operations
网络访问 NONE NONE No network calls found in SKILL.md or hook.md
环境变量 NONE NONE No os.environ iteration or env var access
凭证 NONE NONE No credential harvesting patterns found
浏览器 NONE NONE No browser access
数据库 NONE NONE No database access

目录结构

3 文件 · 14.0 KB · 379 行
Markdown 2f · 369L Text 1f · 10L
├─ 📝 hook.md Markdown 49L · 2.4 KB
├─ 📄 skill-audit-hook.txt Text 10L · 451 B
└─ 📝 SKILL.md Markdown 320L · 11.1 KB

安全亮点

✓ All filesystem operations are documented in SKILL.md
✓ No credential harvesting or environment variable scanning
✓ No network exfiltration or C2 communication
✓ No obfuscation (base64, eval, atob patterns)
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ Hook mechanism is auditable and reversible
✓ Step 2 explicitly requires reading from skill-audit-hook.txt - no hidden default content