Skill Trust Decision

sharkflow

SKILL.md declares extensive DeFi functionality (on-chain interaction, multisig workflows, scheduled tasks, etc.), but the actual code flow.mjs is only a placeholder stub. Documentation and behaviour are seriously mismatched, which poses a risk of deception.

Install decision first
Source: ClawHub · Scanned: Apr 20, 2026
Files 5
Artifacts 4
Violations 1
Findings 4
Most direct threat evidence
High Doc Mismatch
SKILL.md declares functionality far beyond what the code actually implements

SKILL.md describes in detail a task queue, multisig workflows, scheduled task execution, on-chain smart-contract interaction and other features, and lists operations such as deposit/swap/stake/claim/bridge. The actual code scripts/flow.mjs, however, only prints the placeholder message 'project under development...' and implements no real functionality. Documentation and behaviour are seriously mismatched, misleading users.

SKILL.md:1-100 vs scripts/flow.mjs:1-30:1

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Review
Hidden execution and egress

4 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Serious documentation/behaviour mismatch +25

SKILL.md declares a full DeFi feature suite; flow.mjs only outputs an 'under development' placeholder

Undeclared network capability claimed +10

SKILL.md claims it can interact with on-chain contracts, but declares no allowed-tools

Unused dependency +5

package.json declares node-fetch but the code never uses it

No malicious behaviour found -5

No shell execution, credential harvesting or data exfiltration found in the code

Most important evidence

High Doc Mismatch

SKILL.md declares functionality far beyond what the code actually implements

SKILL.md describes in detail a task queue, multisig workflows, scheduled task execution, on-chain smart-contract interaction and other features, and lists operations such as deposit/swap/stake/claim/bridge. The actual code scripts/flow.mjs, however, only prints the placeholder message 'project under development...' and implements no real functionality. Documentation and behaviour are seriously mismatched, misleading users.

SKILL.md:1-100 vs scripts/flow.mjs:1-30:1
Remove or update the feature claims in SKILL.md so they match the code's actual capability, or complete the implementation of flow.mjs

Medium Doc Mismatch

allowed-tools declaration missing

SKILL.md claims high-privilege behaviour such as on-chain smart-contract interaction and multisig wallet operations, but declares no allowed-tools at all. Per the skill specification, permission levels such as filesystem:READ/WRITE and network:READ should be declared explicitly.

SKILL.md:1
Add an allowed-tools declaration that explicitly states the system permissions the skill needs

Low Supply Chain

package.json declares an unused dependency

package.json declares the node-fetch dependency (version ^3.3.2), but neither scripts/template.mjs nor flow.mjs uses it, which may introduce unnecessary supply-chain risk.

package.json:19
Remove the unused node-fetch dependency, or actually use it in the code

Info Doc Mismatch

Template system partially implemented

scripts/template.mjs implements template management (list/show/create/delete) and reads and writes the local templates directory as expected. This functionality is not described in detail in the Usage section of SKILL.md; it is only mentioned in passing under Features.

scripts/template.mjs:1
Document how to use the template system in the Usage section of SKILL.md

Declared capability vs actual capability

Filesystem Pass
Declared NONE
Inferred READ
template.mjs:24-28 fs.readdirSync reads the templates directory
Network Block
Declared NONE
Inferred NONE
SKILL.md claims on-chain interaction but flow.mjs contains no network code; node-fetch is declared but unused
Shell Pass
Declared NONE
Inferred NONE
No shell calls

Suspicious artifacts and egress

Medium Wallet Address
0x33f943e71c7b7c4e88802a68e62cca91dab65ad9

README.md:13

Medium Wallet Address
0xcb5173e3f5c2e32265fbbcaec8d26d49bf290e44

README.md:14

Medium External URL
https://clawhub.com/skills/sharkflow

package.json:32

Info Email
[email protected]

README.md:129

Dependencies and supply chain

Package · Version · Source · Known vuln · Notes
node-fetch · ^3.3.2 · npm · No · Declared but not used in code

File composition

5 files · 571 lines
Markdown 2 files · 270 lines
JavaScript 2 files · 263 lines
JSON 1 file · 38 lines
Files of concern · 4
scripts/template.mjs JavaScript · 239 lines
Template system partially implemented
README.md Markdown · 135 lines
0x33f943e71c7b7c4e88802a68e62cca91dab65ad9 · 0xcb5173e3f5c2e32265fbbcaec8d26d49bf290e44 · [email protected]
SKILL.md Markdown · 135 lines
allowed-tools declaration missing
package.json JSON · 38 lines
package.json declares an unused dependency · https://clawhub.com/skills/sharkflow
Other files · flow.mjs

Security positives

No shell execution or subprocess calls in the code
No credential harvesting or environment-variable enumeration
No data exfiltration or remote communication
No obfuscation such as base64 encoding or eval execution
File operations in template.mjs are confined to the templates/ subdirectory; no sensitive paths are accessed