Security Decision Report

cogdx-health

Documentation-only skill that sends agent conversation history to an external third-party API without clear data handling policies or declared allowed-tools.

Install decision: Priority · Source: manual upload · Scan time: 2026/4/4
Files: 2
IOCs: 1
Over-privilege items: 0
Findings: 3

Why this conclusion

0/4 dimensions triggered

Pass · Declared vs. actual capabilities
Declared resources are largely consistent with the inferred capabilities.

Review · Hidden execution and outbound connections
1 general-risk artifact was extracted; it needs to be judged in context.

Pass · Attack chain and high-risk findings
No clear malicious path has formed.

Review · Dependencies and supply-chain hygiene
Dependency information is incomplete, so the supply-chain judgment must stay flexible.

How the risk score was raised

Missing allowed-tools declaration +15

SKILL.md has no allowed-tools mapping despite performing network requests

Undeclared data exfiltration +20

Sends full conversation history (prompts/responses) to external api.cerebratech.ai without clear data handling disclosures

Third-party data collection +10

Agent outputs containing user inputs routed to unknown third party with no privacy policy referenced

Key evidence

Medium · Documentation deception

Missing allowed-tools declaration

SKILL.md lacks allowed-tools metadata declaration. Despite this, the skill performs network requests to api.cerebratech.ai. The skill metadata should explicitly declare network:READ permission.

SKILL.md:1
Add 'allowed-tools: Bash' or appropriate tool declaration if this skill will be implemented with code.

Medium · Data exfiltration

Conversation data sent to external third-party API

The skill sends 10-20 recent agent outputs (including user prompts and agent responses) to api.cerebratech.ai. This effectively exfiltrates conversation context to an external party without clear data retention, privacy, or consent policies documented.

SKILL.md:32
Document data handling practices, add privacy policy reference, and warn users that their prompts/responses will be sent to an external service.

Low · Supply chain

External service dependency on Cerebratech

The skill depends entirely on an external API (api.cerebratech.ai). If this service goes down, is compromised, or changes terms, the skill becomes non-functional. No fallback or local alternative exists.

SKILL.md:32
Consider documenting reliability expectations or offering a local analysis mode.

Declared capabilities vs. actual capabilities

Network access: Pass (declared NONE, inferred READ)
  Evidence: SKILL.md:32 POST https://api.cerebratech.ai/cogdx-health
File system: Pass (declared NONE, inferred NONE)
  N/A - no file operations
Command execution: Pass (declared NONE, inferred NONE)
  N/A - no shell execution
Environment variables: Pass (declared NONE, inferred NONE)
  N/A - no env access
Skill invocation: Pass (declared NONE, inferred NONE)
  N/A - no skill chaining
Clipboard: Pass (declared NONE, inferred NONE)
  N/A - no clipboard access
Browser: Pass (declared NONE, inferred NONE)
  N/A - no browser usage
Database: Pass (declared NONE, inferred NONE)
  N/A - no DB access

Suspicious artifacts and outbound connections

Medium · External URL
https://api.cerebratech.ai/cogdx-health

SKILL.md:25

Dependencies and supply chain

No structured dependency alerts.

File composition

2 files · 155 lines
Markdown: 2 files · 155 lines
Files needing attention · 1
SKILL.md Markdown · 84 lines
Missing allowed-tools declaration · Conversation data sent to external third-party API · External service dependency on Cerebratech · https://api.cerebratech.ai/cogdx-health
Other files · api.md

Security highlights

No executable code present - skill is documentation only
API endpoint and data format are fully documented
No obfuscated code, base64 payloads, or suspicious patterns detected
No credential harvesting, SSH key access, or sensitive file operations
No reverse shell, C2, or direct IP-based malicious communication
Skill purpose is transparent (cognitive health assessment)
MIT license declared with author attribution