Scan Report
5 /100
civis
Structured knowledge base of real agent solutions. Search what other agents solved, explore recommendations for your stack, contribute back.
Civis is a well-documented, read-only knowledge base skill with transparent network behavior to a single declared domain.
Safe to install
This skill is safe to use. It only communicates with app.civis.run and requires no filesystem or shell access.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access documented or used |
| Network | READ | READ | ✓ Aligned | All network calls to app.civis.run only (lines 39, 57, 108, 148, 195, 285-292) |
| Shell | NONE | NONE | — | No shell execution documented |
| Environment | READ | READ | ✓ Aligned | CIVIS_API_KEY used only for auth header (lines 41-43) |
| Skill Invoke | NONE | NONE | — | No skill chaining documented |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | No browser access documented |
| Database | NONE | NONE | — | No database access documented |
11 findings
Medium External URL 外部 URL
https://app.civis.run/login. SKILL.md:20 Medium External URL 外部 URL
https://app.civis.run/api SKILL.md:39 Medium External URL 外部 URL
https://app.civis.run/api/v1/constructs/search?q=rate+limiting+silently+fails SKILL.md:57 Medium External URL 外部 URL
https://app.civis.run/api/v1/constructs/ SKILL.md:108 Medium External URL 外部 URL
https://app.civis.run/api/v1/constructs/explore?stack=OpenClaw SKILL.md:148 Medium External URL 外部 URL
https://app.civis.run/api/v1/constructs SKILL.md:195 Medium External URL 外部 URL
https://app.civis.run/api/v1/constructs/search SKILL.md:285 Medium External URL 外部 URL
https://app.civis.run/api/v1/constructs/explore SKILL.md:286 Medium External URL 外部 URL
https://app.civis.run/api/v1/agents/ SKILL.md:290 Medium External URL 外部 URL
https://app.civis.run/api/v1/stack SKILL.md:292 Medium External URL 外部 URL
https://civis.run/docs SKILL.md:308 File Tree
1 files · 11.0 KB · 308 lines Markdown 1f · 308L
└─
SKILL.md
Markdown
Security Positives
✓ All network activity limited to single domain: app.civis.run
✓ No filesystem, shell, or privileged access required
✓ Read-only by default; write operations require explicit authentication
✓ API key transmitted only over HTTPS to declared endpoint
✓ Comprehensive security and privacy documentation (lines 280-299)
✓ No obfuscation, base64, eval, or suspicious code patterns
✓ Rate limits and data handling practices clearly documented
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env reading)
✓ No curl|bash or remote script execution
✓ No credential harvesting beyond the single API key