Scan Report
5 / 100
skill-vetting
Vet ClawHub skills for security and utility before installation
This is a legitimate security-scanning skill for vetting ClawHub skills. All flagged IOCs are teaching examples in documentation, not actual malicious code.
Safe to install
This skill is safe to install and use. The scanner and documentation are well-designed for their security-review purpose.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | SKILL.md: scanner reads skill files for pattern matching |
| Network access | READ | READ | ✓ Consistent | SKILL.md: download examples show curl to clawhub.ai only |
| Command execution | NONE | NONE | — | No shell execution in scanner.py; subprocess patterns detected are for security … |
1 critical, 6 findings

| Severity | Category | Rule | Indicator | Location |
|---|---|---|---|---|
| Critical | Dangerous command | Dangerous shell command | `rm -rf /` | references/patterns.md:20 |
| Medium | External URL | External URL | https://clawhub.ai/api/v1/download?slug=SLUG | ARCHITECTURE.md:138 |
| Medium | External URL | External URL | https://clawhub.ai/api/v1/download?slug=SKILL_NAME | SKILL.md:15 |
| Medium | External URL | External URL | https://attacker.com/exfil | references/patterns.md:63 |
| Medium | External URL | External URL | http://random-ip:8080/payload.py | references/patterns.md:64 |
| Medium | External URL | External URL | https://attacker.com | references/patterns.md:159 |

Directory structure
5 files · 30.2 KB · 904 lines (Markdown: 3 files · 667 lines; Python: 1 file · 232 lines; JSON: 1 file · 5 lines)

```
├─ references/
│  └─ patterns.md        (Markdown)
├─ scripts/
│  └─ scan.py            (Python)
├─ _meta.json            (JSON)
├─ ARCHITECTURE.md       (Markdown)
└─ SKILL.md              (Markdown)
```
Security highlights
✓ Comprehensive security scanner with pattern detection for code execution, obfuscation, network calls, and prompt injection
✓ Clear documentation of red flags and legitimate vs suspicious patterns
✓ Prompt injection detection with CRITICAL severity rules
✓ Well-structured pattern database for security analysis
✓ Exit codes properly implemented (0=clean, 1=issues found)
✓ No actual malicious code, only teaching examples
✓ Documentation accurately describes tool capabilities