knowledge-gaps 安全扫描报告 — 可信 | ClawSafe

5 /100

knowledge-gaps

Track questions Hans failed to answer and flag missing knowledge

A benign documentation-only skill that references a non-existent Python script for logging knowledge gaps, with no executable code present to analyze.

技能名称knowledge-gaps

分析耗时22.9s

引擎pi

✓

可以安装

Skill is safe to use. No scripts exist at the referenced path ./scripts/log-knowledge-gap.py — the skill cannot actually function as documented until the script is created.

安全发现 1 项

严重性	安全发现	位置
提示	Reference to non-existent script 文档欺骗 SKILL.md declares execution of './scripts/log-knowledge-gap.py' but no scripts directory or Python files exist in the skill package. The skill cannot function as documented. `exec python3 ./scripts/log-knowledge-gap.py "The question the user asked" "What knowledge was missing"` → Create the referenced script if the skill functionality is needed, or remove the script reference from documentation.	`SKILL.md:8`

资源类型	声明权限	推断权限	状态	证据
命令执行	`NONE`	`NONE`	—	SKILL.md line 8 mentions 'exec python3' but the referenced script ./scripts/log-…
文件系统	`NONE`	`NONE`	—	No file writes occur in any present code (none exists)

目录结构

1 文件 · 1.2 KB · 27 行

Markdown 1f · 27L

└─ 📝 SKILL.md Markdown 27L · 1.2 KB

安全亮点

✓ No credential harvesting or environment variable access observed

✓ No network requests or data exfiltration patterns present

✓ No obfuscation techniques (base64, eval, etc.) detected

✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)

✓ No supply chain risks (no dependencies declared)

✓ No persistence mechanisms or backdoor installations