Scan Report
15/100
embodied-ai-weekly
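Skill for automated generation and publishing of an embodied AI weekly report - ArXiv paper retrieval, GitHub open-source project tracking, comprehensive report generation, and GitHub Pages publishing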
A legitimate content aggregation skill for generating embodied AI weekly reports with no malicious behavior, though shell/git operations are not explicitly declared in allowed-tools.
Safe to install
No immediate action required. Consider explicitly declaring shell:WRITE in the skill metadata for git operations.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Shell operations not declared in metadata | SKILL.md:1 |
| Low | External CDN dependency for Chart.js | SKILL.md:91 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | Uses web_fetch for ArXiv/GitHub API requests |
| Filesystem | WRITE | WRITE | ✓ Aligned | Generates .md and .html reports as documented |
| Shell | NONE | WRITE | ✓ Aligned | SKILL.md:167-186 describes git clone/add/commit/push operations |
| Environment | NONE | NONE | — | No environment variable access observed |
| Database | NONE | NONE | — | No database access |
13 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://arxiv.org/search/?query= | SKILL.md:26 |
| Medium | External URL | https://arxiv.org/list/cs.RO/recent | SKILL.md:31 |
| Medium | External URL | https://arxiv.org/list/cs.CV/recent | SKILL.md:32 |
| Medium | External URL | https://arxiv.org/search/?query=embodied+perception+affordance+3d+scene&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:36 |
| Medium | External URL | https://arxiv.org/search/?query=embodied+planning+LLM+robot+long-horizon&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:63 |
| Medium | External URL | https://arxiv.org/search/?query=dexterous+manipulation+diffusion+policy+visuomotor&searchtype=all&order=-announced_date_... | references/arxiv_search_guide.md:91 |
| Medium | External URL | https://arxiv.org/search/?query=world+model+robot+reinforcement+learning+sim-to-real&searchtype=all&order=-announced_dat... | references/arxiv_search_guide.md:118 |
| Medium | External URL | https://arxiv.org/search/?query=vision+language+action+embodied+agent+VLA&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:145 |
| Medium | External URL | https://arxiv.org/search/?query=robotic+simulation+benchmark+embodied+dataset&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:172 |
| Medium | External URL | https://arxiv.org/search/?query=human+robot+interaction+shared+autonomy+intention&searchtype=all&order=-announced_date_f... | references/arxiv_search_guide.md:199 |
| Medium | External URL | https://arxiv.org/abs/XXXX.XXXXX | references/arxiv_search_guide.md:218 |
| Medium | External URL | https://arxiv.org/abs/XXXX | references/html_template_guide.md:211 |
| Info | Email | [email protected] | SKILL.md:167 |
File Tree
4 files · 29.3 KB · 1037 lines (Markdown: 4 files, 1037 lines)
├─ references
│  ├─ arxiv_search_guide.md (Markdown)
│  ├─ github_search_guide.md (Markdown)
│  └─ html_template_guide.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| chart.js | * | cdn.jsdelivr.net | No | External CDN dependency |
Security Positives
✓ No executable scripts in the package - only documentation
✓ All web requests target legitimate academic/commercial APIs (ArXiv, GitHub)
✓ No credential harvesting or exfiltration behavior
✓ No base64 encoding, eval(), or obfuscated code
✓ File operations are fully documented for report generation
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Intent is clearly documented as content aggregation