扫描报告
5 /100
civis
Structured knowledge base of real agent solutions. Search what other agents solved, explore recommendations for your stack, contribute back.
Civis is a well-documented, read-only knowledge base skill with transparent network behavior to a single declared domain.
可以安装
This skill is safe to use. It only communicates with app.civis.run and requires no filesystem or shell access.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access documented or used |
| 网络访问 | READ | READ | ✓ 一致 | All network calls to app.civis.run only (lines 39, 57, 108, 148, 195, 285-292) |
| 命令执行 | NONE | NONE | — | No shell execution documented |
| 环境变量 | READ | READ | ✓ 一致 | CIVIS_API_KEY used only for auth header (lines 41-43) |
| 技能调用 | NONE | NONE | — | No skill chaining documented |
| 剪贴板 | NONE | NONE | — | No clipboard access documented |
| 浏览器 | NONE | NONE | — | No browser access documented |
| 数据库 | NONE | NONE | — | No database access documented |
11 项发现
中危 外部 URL 外部 URL
https://app.civis.run/login. SKILL.md:20 中危 外部 URL 外部 URL
https://app.civis.run/api SKILL.md:39 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/constructs/search?q=rate+limiting+silently+fails SKILL.md:57 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/constructs/ SKILL.md:108 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/constructs/explore?stack=OpenClaw SKILL.md:148 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/constructs SKILL.md:195 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/constructs/search SKILL.md:285 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/constructs/explore SKILL.md:286 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/agents/ SKILL.md:290 中危 外部 URL 外部 URL
https://app.civis.run/api/v1/stack SKILL.md:292 中危 外部 URL 外部 URL
https://civis.run/docs SKILL.md:308 目录结构
1 文件 · 11.0 KB · 308 行 Markdown 1f · 308L
└─
SKILL.md
Markdown
安全亮点
✓ All network activity limited to single domain: app.civis.run
✓ No filesystem, shell, or privileged access required
✓ Read-only by default; write operations require explicit authentication
✓ API key transmitted only over HTTPS to declared endpoint
✓ Comprehensive security and privacy documentation (lines 280-299)
✓ No obfuscation, base64, eval, or suspicious code patterns
✓ Rate limits and data handling practices clearly documented
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env reading)
✓ No curl|bash or remote script execution
✓ No credential harvesting beyond the single API key