中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:22 小时前 重新扫描
5 /100
skillme
Use when user asks to find, search, add, or install skills, or discover agent capabilities. Searches ClawHub and skills.sh simultaneously and can auto-convert skills.sh results into OpenClaw-compatible format.
Skill discovery and conversion tool with fully documented behavior; all network fetches target known GitHub URLs, file writes are scoped to user-specified output paths, and shell usage is explicitly shown in SKILL.md.
技能名称skillme
分析耗时33.7s
引擎pi
可以安装
No action needed. If policy requires declared capabilities in frontmatter, add a capability declaration to SKILL.md for future hardening.

安全发现 1 项

严重性 安全发现 位置
提示
Missing capability frontmatter 文档欺骗
SKILL.md does not declare shell, network, or filesystem capabilities in its YAML frontmatter. All operations are however explicitly documented in the body text.
--- (no capability fields present)
→ Add 'allowed-tools' field to frontmatter listing Bash and Read/Write tools, e.g. '# allowed-tools: Bash, Read, Write'
 SKILL.md:1
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✓ 一致 SKILL.md lines 12-20 show exec clawhub/npx commands
网络访问 NONE READ ✓ 一致 SKILL.md lines 54-60 describe URL fetching; scripts/convert_skillssh.py:fetch_ur…
文件系统 NONE WRITE ✓ 一致 SKILL.md line 64 shows python convert script with --output flag; scripts/convert…
4 项发现
🔗
中危 外部 URL 外部 URL
https://skills.sh/vercel-labs/agent-skills/react-best-practices
SKILL.md:52
🔗
中危 外部 URL 外部 URL
https://skills.sh/owner/repo/skill
scripts/convert_skillssh.py:10
🔗
中危 外部 URL 外部 URL
https://skills.sh/
scripts/convert_skillssh.py:46
🔗
中危 外部 URL 外部 URL
https://skills.sh/owner/repo/skill\n
scripts/convert_skillssh.py:90

目录结构

2 文件 · 14.1 KB · 418 行
Python 1f · 272L Markdown 1f · 146L
├─ 📁 scripts
│ └─ 🐍 convert_skillssh.py Python 272L · 9.3 KB
└─ 📝 SKILL.md Markdown 146L · 4.8 KB

安全亮点

✓ All network requests target explicit GitHub URLs (raw.githubusercontent.com, raw.githubusercontent.com) — no arbitrary IP or C2
✓ File writes are scoped to user-supplied --output path — no unconditional writes to sensitive locations
✓ No obfuscation: script is readable Python with clear function names
✓ No credential harvesting or environment variable iteration
✓ No base64-encoded payloads, no eval(), no subprocess.Popen with shell=True from untrusted input
✓ URL fetching uses Python stdlib urllib — no third-party HTTP libraries that could exfiltrate data
✓ Input parsing uses safe argument parser with no shell=True risk
✓ The alternate-URL fallback in try_alternate_urls() only probes GitHub-owned domains