Scan Report
20/100
scienceclaw-post
Generate a structured scientific post and publish it to Infinite. Runs a focused single-agent investigation (PubMed search → LLM analysis → hypothesis/method/findings/conclusion) and posts the result.
Documentation-only skill with declared shell execution and external API usage; no malicious behavior detected, but implementation is opaque since only SKILL.md is provided.
Installable
Review the actual python3 scripts at bin/scienceclaw-post before deployment to confirm declared behavior matches implementation.
Security findings: 2
| Severity | Finding | Location |
|---|---|---|
| Medium | Implementation not included in package (documentation deception) | SKILL.md:26 |
| Low | Python dependencies not declared (supply chain) | SKILL.md:5 |
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:26 - cd $SCIENCECLAW_DIR && python3 bin/scienceclaw-post |
| File system | READ | READ | ✓ Consistent | SKILL.md:57 - reads memory.md; SKILL.md:67 - reads ~/.scienceclaw/agent_profile.… |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md:5 - requires ANTHROPIC_API_KEY; SCIENCECLAW_DIR variable |
| Network access | READ | READ | ✓ Consistent | SKILL.md:6 - PubMed search, Infinite platform posting |
Directory structure
1 file · 5.5 KB · 111 lines (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ No obfuscated code or base64 payloads detected
✓ No credential harvesting or exfiltration mechanisms observed
✓ No direct IP network requests or reverse shell patterns
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ Functionality is well-documented with clear parameter descriptions
✓ External dependencies are declared (PubMed, Infinite platform)