server-audit 安全扫描报告 — 可信 | ClawSafe

5 /100

server-audit

Server Audit Skill for AI Agents — full diagnostic of Proxmox VE and Linux servers (Debian/Ubuntu/RHEL/CentOS) via read-only SSH commands

Pure documentation-only skill describing read-only SSH diagnostic commands for Proxmox and Linux server auditing; no executable code, scripts, or hidden functionality present.

技能名称server-audit

分析耗时41.3s

引擎pi

✓

可以安装

Approve for use. This skill contains only markdown documentation files describing SSH-based diagnostic commands. The skill correctly scopes itself to read-only audit operations with explicit prohibitions against state-changing commands.

资源类型	声明权限	推断权限	状态	证据
命令执行	`READ`	`READ`	✓ 一致	SKILL.md and references/* describe only diagnostic SSH exec commands (lscpu, sma…
文件系统	`WRITE`	`WRITE`	✓ 一致	linux-audit.md:252 'DOC_DIR=/DATA/local_database/${PROJECT}/Servers/${HOSTNAME}'…
网络访问	`READ`	`READ`	✓ 一致	All network access is via SSH to remote servers for diagnostic commands only (ip…
环境变量	`NONE`	`NONE`	—	No environment variable access detected; HOSTNAME/SERVER_IP are captured from th…
技能调用	`NONE`	`NONE`	—	No skill chaining or inter-skill invocation present
剪贴板	`NONE`	`NONE`	—	No clipboard access found
浏览器	`NONE`	`NONE`	—	No browser automation found
数据库	`NONE`	`NONE`	—	No database access found

目录结构

4 文件 · 29.7 KB · 697 行

Markdown 4f · 697L

├─ ▾ 📁 references

│ ├─ 📝 linux-audit.md Markdown 252L · 9.8 KB

│ └─ 📝 proxmox-audit.md Markdown 236L · 9.2 KB

├─ 📝 README.md Markdown 30L · 1.6 KB

└─ 📝 SKILL.md Markdown 179L · 9.1 KB

安全亮点

✓ Skill explicitly scopes to read-only operations ('Аудит = тільки читати') with enumerated prohibitions against state-changing commands

✓ All SSH commands are fully declared in SKILL.md and reference files — no hidden functionality

✓ Commands use standard diagnostic tools (lscpu, dmidecode, smartctl, journalctl, ipmitool, etc.) that match the documented purpose

✓ Documentation saving writes to a predictable local Obsidian vault path — not an external server

✓ No external network connections to unknown IPs; all remote access is over SSH to user-provided server addresses

✓ No obfuscation techniques (base64, eval, atob) present

✓ No credential harvesting, no data exfiltration, no reverse shell indicators

✓ No malicious dependencies — entire file tree is markdown documentation only

✓ Skill is version-controlled and documented with clear trigger conditions and audit workflow