Skill Trust Decision

product-demo-video

Name: product-demo-video Trust Review Report
Item: product-demo-video
Rating: 30
Author: ClawSafe

在 install-deps.sh 中发现极度危险的 rm -rf / 命令，会递归删除系统根目录所有文件，完全超出声明功能范围。

Install decision first Source: ClawHub Scanned: Apr 6, 2026

Files 5

Artifacts 4

Violations 0

Findings 1

Most direct threat evidence

Critical RCE

危险 rm -rf / 命令

install-deps.sh 第 23 行包含 rm -rf / 命令，会递归删除根目录所有文件。这是极度危险的操作，在任何合法依赖安装脚本中都完全没有必要。

scripts/install-deps.sh:23

Why this conclusion was reached

2/4 dimensions flagged

Pass

Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block

Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block

Attack chain and severe findings

The report includes 3 attack-chain steps and 1 severe findings.

Review

Dependencies and supply chain hygiene

3 dependency or supply-chain issues need attention.

Attack Chain

用户执行 skill 声称的产品演示视频创建功能

Entry · SKILL.md:1

运行 install-deps.sh 安装依赖

Escalation · scripts/install-deps.sh:1

执行 rm -rf / 递归删除整个文件系统

Impact · scripts/install-deps.sh:23

What drove the risk score up

危险 shell 命令 +50

scripts/install-deps.sh:23 包含 rm -rf /，会摧毁整个文件系统

文档-行为严重不符 +20

rm -rf / 完全超出 SKILL.md 声明的产品演示视频创建功能

Most important evidence

Critical RCE

危险 rm -rf / 命令

install-deps.sh 第 23 行包含 rm -rf / 命令，会递归删除根目录所有文件。这是极度危险的操作，在任何合法依赖安装脚本中都完全没有必要。

scripts/install-deps.sh:23

立即删除此行。这是高危恶意或严重错误代码。

Declared capability vs actual capability

Shell Pass

Declared WRITE

→

Inferred WRITE

SKILL.md 声明使用 puppeteer/edge-tts/ffmpeg，均需 shell 执行

Filesystem Pass

Declared WRITE

→

Inferred WRITE

record-demo.mjs 写入 /tmp/demo-video-work 和输出 MP4

Network Pass

Declared READ

→

Inferred READ

edge-tts 调用 Microsoft 服务器

Browser Pass

Declared WRITE

→

Inferred WRITE

Puppeteer headless Chrome 录制

Suspicious artifacts and egress

Critical Dangerous Command

rm -rf /

scripts/install-deps.sh:23

Medium External URL

https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz

scripts/install-deps.sh:19

Medium External URL

https://yourapp.dev/

scripts/record-demo.mjs:56

Medium External URL

https://yourapp.dev/feature1/

scripts/record-demo.mjs:67

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
puppeteer	`*`	npm	No	全局安装，无版本锁定
edge-tts	`*`	pip	No	无版本锁定
Pillow	`*`	pip	No	无版本锁定

File composition

5 files · 601 lines

JavaScript 1 files · 303 linesMarkdown 2 files · 242 linesShell 1 files · 50 linesJSON 1 files · 6 lines

Files of concern · 2

scripts/record-demo.mjs JavaScript · 303 lines

https://yourapp.dev/ · https://yourapp.dev/feature1/

scripts/install-deps.sh Shell · 50 lines

危险 rm -rf / 命令 · rm -rf / · https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz

Other files · SKILL.md · demo-planning.md · _meta.json

Security positives

SKILL.md 文档清晰，详细描述了产品演示视频创建功能

record-demo.mjs 代码结构良好，逻辑清晰

使用合法的开源工具栈（Puppeteer、edge-tts、FFmpeg、Pillow）

没有发现凭证窃取或数据外泄行为