Low Risk — Risk Score 10/100
Last scan: 20 hr ago
gauntletscore
Trust verification for AI output — verify any document or code before you act on it
GauntletScore is a legitimate API-based document/code verification service. The pre-scan IOCs are false positives—'curl|bash' and 'gsk_your_key_here' are documentation references, not actual execution or hardcoded credentials.
Skill Name: gauntletscore
Duration: 34.8s
Engine: pi
Safe to install
This skill is safe to use. The declared network access to api.gauntletscore.com is necessary for the service functionality. Consider the Sovereign Edition for air-gapped environments.

Findings 3 items

Severity Finding Location
Info
Intentional external data transfer (Data Exfil)
Documents and code are sent to api.gauntletscore.com for analysis. This is the core service function, declared in documentation, with Sovereign Edition as an air-gapped alternative.
POST https://api.gauntletscore.com/v1/analyze
→ Inform users about data being sent externally. Sovereign Edition recommended for sensitive environments.
SKILL.md:53
Info
IOC false positive: curl|bash reference (Doc Mismatch)
The pre-scan flagged 'curl|bash' at line 95, but this appears in the 'What It Catches' section describing what the service can detect—not actual execution.
Download-and-execute attacks (curl | bash)
→ No action needed; this is documentation, not code.
SKILL.md:95
Info
IOC false positive: gsk_your_key_here placeholder (Doc Mismatch)
The pre-scan flagged 'gsk_your_key_here' at line 27, but this is a configuration example placeholder, not a real credential.
GAUNTLET_API_KEY = "gsk_your_key_here"
→ No action needed; this is a placeholder showing expected format.
SKILL.md:27
Resource Declared Inferred Status Evidence
Network READ READ ✓ Aligned SKILL.md:53-78 — API endpoint documentation
Environment READ READ ✓ Aligned SKILL.md:19 — requiredEnv: GAUNTLET_API_KEY
Filesystem NONE NONE N/A — No file access required or used
Shell NONE NONE N/A — No shell commands executed
Database NONE NONE N/A — No database access
Clipboard NONE NONE N/A — No clipboard access
Browser NONE NONE N/A — No browser automation
Skill Invoke NONE NONE N/A — No skill chaining
1 Critical 1 High 15 findings
Critical Dangerous Command (dangerous shell command)
curl | bash
SKILL.md:95
High API Key (suspected hard-coded credential)
API_KEY = "gsk_your_key_here"
SKILL.md:27
Medium External URL
https://gauntletscore.com
SKILL.md:7
Medium External URL
https://api.gauntletscore.com
SKILL.md:8
Medium External URL
https://api.gauntletscore.com/v1/analyze
SKILL.md:53
Medium External URL
https://clawhub.ai/skills/gauntlet-validate/SKILL.md
SKILL.md:70
Medium External URL
https://api.gauntletscore.com/v1/jobs/
SKILL.md:77
Medium External URL
https://gauntletscore.com/pricing
SKILL.md:125
Medium External URL
https://api.gauntletscore.com/v1/verify/
SKILL.md:132
Medium External URL
https://gauntletscore.com/docs
SKILL.md:139
Medium External URL
https://gauntletscore.com/terms
SKILL.md:140
Medium External URL
https://gauntletscore.com/privacy
SKILL.md:141
Medium External URL
https://gauntletscore.com/acceptable-use
SKILL.md:142
Medium External URL
https://genstrata.com
SKILL.md:146
Info Email (email address)
[email protected]
SKILL.md:126

File Tree

1 file · 5.3 KB · 148 lines
Markdown 1f · 148L
└─ 📝 SKILL.md Markdown 148L · 5.3 KB

Security Positives

✓ No executable scripts or code files present
✓ No credential harvesting beyond the declared API key
✓ Analysis is explicitly read-only (code never executed)
✓ Cryptographic certificate verification is a positive security feature
✓ Sovereign Edition available for air-gapped environments
✓ Adversarial multi-agent architecture reduces single-point failures
✓ No obfuscation, base64 encoding, or hidden functionality
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env)
✓ All behavior is clearly documented in SKILL.md