semanticfs 安全扫描报告 — 可疑 | ClawSafe

45 /100

semanticfs

Semantic filesystem search - replaces grep/find/ls chains with semantic queries

Skill contains a declared but dangerous curl|bash remote script execution pattern for installation, representing an unmitigated supply chain risk.

技能名称semanticfs

分析耗时27.6s

引擎pi

⚠

谨慎使用

Replace curl|bash with explicit installation steps or direct binary download with hash verification. Pin the install script to a specific commit or tag.

攻击链 3 步

⬡

提权 Attacker compromises GitHub repo or modifies install.sh on main branch

SKILL.md:40

⬡

提权 User follows install instructions, executing malicious code via curl|bash

SKILL.md:40

◉

影响 Attacker gains arbitrary code execution on user's system

install.sh:1

安全发现 3 项

严重性	安全发现	位置
高危	Dangerous curl\|bash remote script execution 供应链 The install instruction at line 40 uses 'curl -sSfL <URL> \| bash', which downloads and executes arbitrary code from a remote GitHub repository without any integrity verification (no hash check, no version pin, no code review step). `curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh \| bash` → Replace with: 1) Direct binary download with SHA256 verification, 2) Package manager install (pip/brew), or 3) Explicit multi-step instructions showing what the install script does before execution.	`SKILL.md:40`
中危	Unpinned installation source 供应链 The GitHub raw URL points to the 'main' branch without a specific commit, tag, or release. The content can change arbitrarily, breaking reproducibility and enabling supply chain attacks. `https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh` → Pin to a specific release tag: https://raw.githubusercontent.com/Navneeth08k/semanticFS/v1.0.0/scripts/install.sh	`SKILL.md:40`
中危	Undeclared shell execution permissions 权限提升 SKILL.md instructs users to run multiple shell commands (semanticfs binary, curl, python3 -c) without declaring 'shell:WRITE' in allowed-tools mapping. The shell resource capability is not declared at all. `curl -sSfL ... \| bash; semanticfs --config ~/semanticfs.toml ...` → If shell execution is required for this skill, declare it explicitly in the allowed-tools mapping.	`SKILL.md:40`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	semanticfs index build requires read access to indexed directories
网络访问	`NONE`	`READ`	✓ 一致	Queries localhost:9464 API for search results
命令执行	`NONE`	`WRITE`	✗ 越权	SKILL.md:40,45,52,55,63 - Runs binary commands and curl without declared shell p…

1 严重 1 项发现

💀

严重危险命令危险 Shell 命令

curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh | bash

SKILL.md:40

目录结构

1 文件 · 4.0 KB · 131 行

Markdown 1f · 131L

└─ 📝 SKILL.md Markdown 131L · 4.0 KB

安全亮点

✓ Skill behavior is well-documented and transparent about what it does

✓ The tool is read-only (semantic search only, no file modification)

✓ Localhost-only network usage reduces exfiltration risk

✓ GitHub repository provides some accountability (unlike arbitrary URLs)