扫描报告
20 /100
lobster-keeper
自动执行日常维护:状态检查、自我复盘、记忆流动、任务记录。基于龙虾饲养员的六条经验。
A simple self-maintenance skill that reads agent state files and generates status reports, with minor doc-to-declaration mismatches for undeclared tool references.
可以安装
No immediate action required. Consider adding explicit `allowed-tools` (Read, list_skills) and resource declarations (filesystem:READ) to the frontmatter to eliminate the documentation gap.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Undeclared tool references in documentation 文档欺骗 | SKILL.md:14 |
| 低危 | Missing resource permission declarations privile_escalation | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | SKILL.md:27 — reads IDENTITY.md, SOUL.md, USER.md, MEMORY.md, memory/YYYY-MM-DD.… |
| 技能调用 | NONE | READ | ✓ 一致 | SKILL.md:19 — calls list_skills to list installed skills |
| 命令执行 | NONE | NONE | — | SKILL.md:14 — 'exec' tool is mentioned but not actually used or present in code |
目录结构
1 文件 · 1.8 KB · 36 行 Markdown 1f · 36L
└─
SKILL.md
Markdown
安全亮点
✓ Single-file, self-contained skill with no external dependencies or scripts
✓ No network requests, credential access, or data exfiltration behavior
✓ No obfuscation, base64-encoded content, or suspicious patterns
✓ Functionality is limited to benign self-maintenance: reading state files and generating reports
✓ No sensitive paths (SSH, AWS, .env) are accessed
✓ No remote code execution, downloads, or supply chain risks