Low risk: risk score 15/100
Last scan: 2 days ago
embodied-ai-weekly
Automated generation and publishing skill for an embodied-AI weekly report: ArXiv paper retrieval, GitHub open-source project tracking, consolidated report generation, and publishing to GitHub Pages
A legitimate content-aggregation skill for generating embodied-AI weekly reports; no malicious behavior was found, but the shell/git operations it describes are not explicitly declared in allowed-tools.
Skill name: embodied-ai-weekly
Analysis time: 27.0 s
Engine: pi
Verdict: can be installed
No immediate action required. Consider explicitly declaring shell:WRITE in the skill metadata for git operations.

Security findings: 2

Severity | Finding | Location
Low | Shell operations not declared in metadata | SKILL.md:1
SKILL.md describes a workflow that runs git commands (clone, add, commit, push), but the frontmatter declares only the web_fetch capability. Those git operations require shell:WRITE. Frontmatter as found:
---
name: embodied-ai-weekly
description: "Automated generation of embodied AI weekly reports..."
---
→ Add 'shell:WRITE' to the declared capabilities if the git operations are intended to be executed programmatically.
SKILL.md:1
Low | External CDN dependency for Chart.js | SKILL.md:91
The HTML reports load Chart.js from cdn.jsdelivr.net. Loading a charting library from a public CDN is common practice, but the reference is unversioned (the dependency table below records the version as "*"), so every rendered report executes whatever the CDN serves as the latest chart.js at view time; unless the script tag also carries an integrity attribute, nothing verifies the bytes that are loaded.
https://cdn.jsdelivr.net/npm/chart.js
→ Inline Chart.js or host it within the skill (which also gives offline capability); if a CDN reference is kept, pin the version in the URL and add a Subresource Integrity attribute (integrity="sha384-…" with crossorigin="anonymous").
SKILL.md:91
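The three properties the Chart.js finding turns on (an expected host, a pinned version, an integrity attribute) are cheap for the report generator to check before it publishes. The script below is an added example, not code from the scanner or from the embodied-ai-weekly skill: the HTML snippet and the library bytes it hashes are constructed, the host allow list is an assumption for the example, and the integrity value it produces is not Chart.js's real hash.

```python
"""Audit external <script src> tags in a generated HTML report for an
unexpected host, an unpinned version and a missing Subresource Integrity
attribute, then produce the pinned tag for a given library body.

Added example, not the scanner's code or the skill's own.  The HTML and the
library bytes are constructed; ALLOWED_CDN_HOSTS is an assumption.
"""
import base64
import hashlib
import re
from urllib.parse import urlparse

ALLOWED_CDN_HOSTS = {"cdn.jsdelivr.net"}  # assumption for the example

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.I)
ATTR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*"([^"]*)"')

# Constructed HTML: the unpinned tag the report uses today, a pinned tag
# with SRI, and a script from a host outside the allow list.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script src="https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://evil.example.net/lib.js"></script>
</head><body></body></html>"""


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Subresource Integrity value: '<algo>-' + base64(raw digest of the bytes)."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def is_pinned(src: str) -> bool:
    """jsdelivr npm URLs pin a version as '<package>@<version>' in the path."""
    path = urlparse(src).path
    return re.search(r"/npm/(?:@[^/]+/)?[^/@]+@[^/]+", path) is not None


def audit_script_tags(html: str):
    """One finding per external script: src, host and the list of issues."""
    findings = []
    for m in SCRIPT_TAG.finditer(html):
        attrs = dict(ATTR.findall(m.group(1)))
        src = attrs.get("src", "")
        if not src.startswith(("http://", "https://")):
            continue  # inline or same-origin script: outside this check
        host = urlparse(src).hostname or ""
        issues = []
        if host not in ALLOWED_CDN_HOSTS:
            issues.append("host-not-allowed")
        if not is_pinned(src):
            issues.append("unpinned-version")
        if "integrity" not in attrs:
            issues.append("missing-sri")
        findings.append({"src": src, "host": host, "issues": issues})
    return findings


def hardened_tag(pinned_src: str, content: bytes) -> str:
    """Tag to emit once the pinned file has been fetched and its bytes reviewed."""
    return (f'<script src="{pinned_src}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    for f in audit_script_tags(SAMPLE_HTML):
        print(f["src"], "->", ", ".join(f["issues"]) or "ok")
    fake_library = b"/* constructed stand-in for chart.umd.js */"
    print(hardened_tag("https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.js",
                       fake_library))
```

The hardened tag has to be built from the bytes the browser will actually load: fetch the pinned file once, review it, hash it, and commit the tag. If the library is inlined instead, the integrity attribute is unnecessary, but the embedded copy must then be refreshed deliberately rather than silently tracking the CDN.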
Resource | Declared | Inferred | Status | Evidence
Network access | READ | READ | ✓ Consistent | Uses web_fetch for ArXiv/GitHub API requests
File system | WRITE | WRITE | ✓ Consistent | Generates .md and .html reports as documented
Command execution | NONE | WRITE | ✗ Mismatch | SKILL.md:167-186 describes git clone/add/commit/push operations (see finding 1)
Environment variables | NONE | NONE | ✓ Consistent | No environment variable access observed
Database | NONE | NONE | ✓ Consistent | No database access
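The declared/inferred comparison in the table can be reproduced with a short script: read the capabilities the frontmatter declares, infer the capabilities the body implies (state-changing git commands imply shell:WRITE, web_fetch and http(s) URLs imply network read, writing .md/.html files implies file-system write), and report the difference together with line-numbered evidence. This is an added example, not the scanner's code or the skill's own; the SKILL.md sample is constructed, and the allowed-tools key and the shell:READ / shell:WRITE / fs:WRITE names are assumptions (the real frontmatter quoted in finding 1 shows only name and description).

```python
"""Compare capabilities declared in a SKILL.md frontmatter with those its
body implies, reproducing the declared/inferred check in the permission table.

Added example, not the scanner's code or the skill's own.  Assumptions:
capabilities are listed under an ``allowed-tools`` key using the names
``web_fetch``, ``fs:WRITE``, ``shell:READ`` and ``shell:WRITE``; the sample
SKILL.md below is constructed for this example.
"""
import re

# Constructed sample: declares web_fetch and fs:WRITE, then describes git push.
SAMPLE_SKILL_MD = """---
name: embodied-ai-weekly
description: "Weekly embodied-AI report generator"
allowed-tools: [web_fetch, fs:WRITE]
---
1. Use web_fetch to query https://arxiv.org/list/cs.RO/recent
2. Write the report to reports/weekly.md and reports/weekly.html
3. Publish:
   git clone https://github.com/example/site.git
   git add reports/
   git commit -m "weekly report"
   git push origin main
"""

# git subcommands that change repository or remote state need shell:WRITE;
# read-only subcommands only need shell:READ.
GIT_WRITE = re.compile(r"\bgit\s+(clone|add|commit|push|rm|reset|checkout)\b")
GIT_READ = re.compile(r"\bgit\s+(status|log|diff|show)\b")
NET_READ = re.compile(r"\bweb_fetch\b|https?://")
FS_WRITE = re.compile(r"\b(write|save|generate)\b[^\n]*\.(md|html|json)\b", re.I)


def split_frontmatter(text):
    """Return (frontmatter dict, body).  Only simple 'key: value' lines are parsed."""
    m = re.match(r"---\n(.*?)\n---\n(.*)", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            meta[key.strip()] = value.strip()
    return meta, m.group(2)


def declared_capabilities(meta):
    """Parse 'allowed-tools: [a, b]' into a set of capability names."""
    raw = meta.get("allowed-tools", "").strip("[] ")
    return {t.strip() for t in raw.split(",") if t.strip()}


def inferred_capabilities(body):
    """Capabilities the body text implies the executing agent will need."""
    caps = set()
    if GIT_WRITE.search(body):
        caps.add("shell:WRITE")
    elif GIT_READ.search(body):
        caps.add("shell:READ")
    if NET_READ.search(body):
        caps.add("web_fetch")
    if FS_WRITE.search(body):
        caps.add("fs:WRITE")
    return caps


def undeclared_capabilities(text):
    """Capabilities the body implies but the frontmatter does not declare."""
    meta, body = split_frontmatter(text)
    return inferred_capabilities(body) - declared_capabilities(meta)


def shell_write_evidence(text):
    """(file line number, stripped line) for each state-changing git command,
    i.e. the 'SKILL.md:167-186' style evidence column of the table."""
    _, body = split_frontmatter(text)
    # lines consumed by the frontmatter, so body line 1 maps to the right file line
    offset = text[: len(text) - len(body)].count("\n")
    return [(n, line.strip())
            for n, line in enumerate(body.splitlines(), start=offset + 1)
            if GIT_WRITE.search(line)]


if __name__ == "__main__":
    print("undeclared:", sorted(undeclared_capabilities(SAMPLE_SKILL_MD)))
    for n, line in shell_write_evidence(SAMPLE_SKILL_MD):
        print(f"SKILL.md:{n}  {line}")
```

Run against the sample, the script reports shell:WRITE as undeclared and lists the four git lines with their file line numbers, which is exactly the mismatch the table records for command execution. A skill whose body only mentions git log or git status would instead come back needing shell:READ.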
Other findings (URLs and contact addresses): 13

Severity | Type | Value | Location
Medium | External URL | https://arxiv.org/search/?query= | SKILL.md:26
Medium | External URL | https://arxiv.org/list/cs.RO/recent | SKILL.md:31
Medium | External URL | https://arxiv.org/list/cs.CV/recent | SKILL.md:32
Medium | External URL | https://arxiv.org/search/?query=embodied+perception+affordance+3d+scene&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:36
Medium | External URL | https://arxiv.org/search/?query=embodied+planning+LLM+robot+long-horizon&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:63
Medium | External URL | https://arxiv.org/search/?query=dexterous+manipulation+diffusion+policy+visuomotor&searchtype=all&order=-announced_date_... | references/arxiv_search_guide.md:91
Medium | External URL | https://arxiv.org/search/?query=world+model+robot+reinforcement+learning+sim-to-real&searchtype=all&order=-announced_dat... | references/arxiv_search_guide.md:118
Medium | External URL | https://arxiv.org/search/?query=vision+language+action+embodied+agent+VLA&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:145
Medium | External URL | https://arxiv.org/search/?query=robotic+simulation+benchmark+embodied+dataset&searchtype=all&order=-announced_date_first | references/arxiv_search_guide.md:172
Medium | External URL | https://arxiv.org/search/?query=human+robot+interaction+shared+autonomy+intention&searchtype=all&order=-announced_date_f... | references/arxiv_search_guide.md:199
Medium | External URL | https://arxiv.org/abs/XXXX.XXXXX | references/arxiv_search_guide.md:218
Medium | External URL | https://arxiv.org/abs/XXXX | references/html_template_guide.md:211
Info | Email address | [email protected] | SKILL.md:167

Directory structure

4 files · 29.3 KB · 1037 lines
Markdown: 4 files · 1037 lines
├─ 📁 references
│ ├─ 📝 arxiv_search_guide.md   Markdown   245 lines · 5.4 KB
│ ├─ 📝 github_search_guide.md  Markdown   175 lines · 5.7 KB
│ └─ 📝 html_template_guide.md  Markdown   384 lines · 10.1 KB
└─ 📝 SKILL.md                  Markdown   233 lines · 8.0 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
chart.js | * (unpinned) | cdn.jsdelivr.net | none listed | External CDN dependency

Security highlights

✓ No executable scripts in the package - only Markdown documentation (the git commands in SKILL.md are instructions for the executing agent, which is why finding 1 asks for shell:WRITE to be declared)
✓ All web requests target legitimate academic/commercial APIs (ArXiv, GitHub)
✓ No credential harvesting or exfiltration behavior
✓ No base64 encoding, eval(), or obfuscated code
✓ File operations are fully documented for report generation
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Intent is clearly documented as content aggregation