Low risk — Risk score 5/100
Last scanned: 18 hours ago
ai-shifu-course-creator
Convert raw course material into optimized MarkdownFlow teaching scripts and deploy them as live AI-Shifu courses through a five-phase pipeline
A legitimate AI-Shifu course-authoring and deployment skill with no malicious behavior; all network IOCs resolve to the documented AI-Shifu platform, shell usage is declared for Phase 5 deployment, and no credential harvesting or data exfiltration is present.
Skill name: ai-shifu-course-creator
Analysis time: 63.9s
Engine: pi
OK to install
Consider explicitly listing shell:WRITE in the capability interface for Phase 5 CLI commands. No blocks needed.

Security findings: 2

Severity | Security finding | Location
Low
Shell execution undeclared in skill interface (Privilege escalation)
The skill interface section does not list shell:WRITE, yet Phase 5 deployment documented in SKILL.md requires running CLI commands (python3 scripts/shifu-cli.py build/import/publish). This is a documentation gap rather than hidden behavior.
Use these optional controls across all phases
→ Add shell:WRITE to the allowed-tools mapping or document CLI invocation as a prerequisite in the Phase 5 section
SKILL.md:464
Low
Network capability inferred as WRITE but declared as READ (Documentation deception)
SKILL.md implies read-only API access, but shifu-cli.py performs full CRUD operations (POST/PUT/DELETE) against the platform. This is expected behavior for a deployment tool but not reflected in the resource declaration.
Always use CLI commands. Never make raw HTTP/API calls directly.
→ Consider declaring network:WRITE for Phase 5 operations or clarify the resource model distinction between the skill's LLM reasoning and the CLI execution layer
SKILL.md:483
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | shifu-cli.py reads course directories and lesson files for build/import
Network access | READ | WRITE | ✓ Consistent | shifu-cli.py makes POST/PUT/DELETE API calls to app.ai-shifu.cn; SKILL.md line ~…
Command execution | NONE | WRITE | ✓ Consistent | SKILL.md Phase 5 requires running 'python3 scripts/shifu-cli.py build --course-d…
Environment variables | NONE | READ | ✓ Consistent | Reads SHIFU_TOKEN and SHIFU_BASE_URL from .env via python-dotenv, scoped to own …
Skill invocation | NONE | NONE | | No inter-skill invocation observed
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No direct database access
9 findings
Severity | Type | URL | Location
Medium | External URL | https://app.ai-shifu.cn/shifu/ | SKILL.md:492
Medium | External URL | https://app.ai-shifu.com/shifu/ | SKILL.md:492
Medium | External URL | https://app.ai-shifu.cn/c/ | SKILL.md:493
Medium | External URL | https://app.ai-shifu.com/c/ | SKILL.md:493
Medium | External URL | https://app.ai-shifu.cn/shifu/abc123-def456 | examples/end-to-end-deploy.md:67
Medium | External URL | https://app.ai-shifu.cn/c/abc123-def456?preview=true | examples/end-to-end-deploy.md:68
Medium | External URL | https://app.ai-shifu.cn/c/abc123-def456?preview=true&lessonid= | examples/end-to-end-deploy.md:69
Medium | External URL | https://app.ai-shifu.cn | references/cli-reference.md:21
Medium | External URL | https://app.ai-shifu.com | references/cli-reference.md:21

Directory structure

28 files · 142.4 KB · 3785 lines
Markdown 24f · 2113L Python 1f · 1126L HTML 1f · 340L JSON 1f · 202L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 361 B
├─ 📁 evals
│ ├─ 📁 trigger
│ │ ├─ 📝 trigger_eval_design.md Markdown 65L · 3.0 KB
│ │ └─ 📋 trigger_eval.json JSON 202L · 10.5 KB
│ └─ 📄 trigger_eval_report.html HTML 340L · 23.5 KB
├─ 📁 examples
│ ├─ 📝 deploy-only.md Markdown 55L · 1.3 KB
│ ├─ 📝 end-to-end-deploy.md Markdown 75L · 1.8 KB
│ ├─ 📝 fallback-mode.md Markdown 130L · 2.8 KB
│ ├─ 📝 generation-only.md Markdown 98L · 2.1 KB
│ ├─ 📝 optimization-only.md Markdown 100L · 2.4 KB
│ ├─ 📝 pipeline-full.md Markdown 111L · 2.6 KB
│ └─ 📝 segmentation-only.md Markdown 104L · 2.6 KB
├─ 📁 references
│ ├─ 📝 cli-reference.md Markdown 113L · 4.6 KB
│ ├─ 📝 cognitive-techniques.md Markdown 22L · 607 B
│ ├─ 📝 course-directory-spec.md Markdown 52L · 1.9 KB
│ ├─ 📝 import-json-format.md Markdown 41L · 1.2 KB
│ ├─ 📝 input-contract.md Markdown 85L · 2.2 KB
│ ├─ 📝 language-resolution.md Markdown 25L · 809 B
│ ├─ 📝 lesson-template.md Markdown 37L · 1.1 KB
│ ├─ 📝 markdownflow-spec.md Markdown 31L · 642 B
│ ├─ 📝 optimization-methodology.md Markdown 25L · 599 B
│ ├─ 📝 output-contract.md Markdown 102L · 2.3 KB
│ ├─ 📝 preservation-rules.md Markdown 23L · 548 B
│ ├─ 📝 report-template.md Markdown 115L · 2.3 KB
│ ├─ 📝 review-checklist.md Markdown 24L · 632 B
│ ├─ 📝 segmentation-rules.md Markdown 41L · 1.1 KB
│ └─ 📝 teaching-patterns.md Markdown 24L · 551 B
├─ 📁 scripts
│ └─ 🐍 shifu-cli.py Python 1126L · 44.2 KB
└─ 📝 SKILL.md Markdown 615L · 24.2 KB

Dependency analysis: 2 items

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | | Version not pinned; standard HTTP library with no RCE vectors in this usage
python-dotenv | * | pip | | Version not pinned; used only for local .env management with restricted file mode

Security highlights

✓ No credential harvesting: token is stored only in the skill's own .env file via python-dotenv with 0o600 permissions
✓ Path traversal protection: safe_join_path() uses realpath + prefix check before any file read/write
✓ No external IP connections beyond the documented AI-Shifu platform domains (app.ai-shifu.cn, app.ai-shifu.com)
✓ No base64 encoding, eval(), or obfuscated code execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env beyond own scope)
✓ No supply chain risks: requests and python-dotenv are well-maintained, pinned dependencies
✓ All 9 network IOCs are legitimate AI-Shifu platform URLs confirmed by pre-scan
✓ SMS login flow is clearly scoped to the course platform with no hidden data transmission
✓ Optimistic locking implemented for lesson updates to prevent race conditions
✓ Comprehensive eval suite (40 cases, 98% accuracy) confirms the skill behaves as documented