Trusted — Risk Score 5/100
Last scan: 2 days ago
electron-audit
Full attack surface security audit for Electron desktop applications - Comprehensive security auditing guide for Electron desktop applications
This is a legitimate security auditing skill for Electron applications consisting entirely of documentation files with no executable code. All references to attacker infrastructure are educational examples explaining attack patterns for security testing purposes.
Skill Name: electron-audit
Duration: 33.2s
Engine: pi
Safe to install
This skill is safe to use. No action required. The skill provides comprehensive guidance for security researchers to audit Electron applications.

Findings 2 items

Severity: Info
Finding: Attacker domain references in documentation
References to 'attacker.com', 'evil.com', and similar domains appear throughout the documentation. These are standard security testing example domains used in educational content to illustrate attack scenarios (e.g., XSS payload redirects, C2 exfiltration destinations). This is legitimate security documentation practice.
https://attacker.com/log?key=, https://evil.com/phishing.html
→ No action needed. This is standard security education content.
Location: references/PROTOCOL_RCE.md, references/JS_BRIDGE_EXPLOIT.md, references/XSS_TO_RCE.md, references/FUSE_BINARY_EXPLOIT.md:Various

Severity: Info
Finding: Comprehensive attack methodology documentation
The skill documents extensive offensive techniques including RCE, XSS chains, DLL hijacking, Fuse abuse, and local data theft. This is appropriate for legitimate penetration testing and security research purposes.
Documentation of attack patterns for security auditing
→ No action needed. This content serves legitimate security testing purposes.
Location: SKILL.md and all references/*.md:Various

Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | NONE | | No script files present, only documentation
Network | NONE | NONE | | No network access required, documentation-only skill
Shell | NONE | NONE | | No shell commands in skill, references are command examples in documentation
Environment | NONE | NONE | | No environment variable access
Skill Invoke | NONE | NONE | | Documentation skill, no sub-skill invocation
Clipboard | NONE | NONE | | Not accessed
Browser | NONE | NONE | | Documentation skill
Database | NONE | NONE | | Not accessed

23 findings
Medium | External URL | http://127.0.0.1:9222 | SKILL.md:300
Medium | External URL | https://evil.com | SKILL.md:502
Medium | External URL | https://www.electronjs.org/blog/tags/security | references/CONFIG_AUDIT.md:185
Medium | External URL | https://chromereleases.googleblog.com/ | references/CONFIG_AUDIT.md:186
Medium | External URL | https://releases.electronjs.org/ | references/ELECTRON_CVE_DATABASE.md:70
Medium | External URL | https://v8.dev/blog | references/ELECTRON_CVE_DATABASE.md:131
Medium | External URL | https://nodejs.org/en/blog/vulnerability | references/ELECTRON_CVE_DATABASE.md:190
Medium | External URL | http://attacker.com/shell.ps1\\\ | references/FUSE_BINARY_EXPLOIT.md:53
Medium | External URL | https://attacker.com/beacon?host= | references/FUSE_BINARY_EXPLOIT.md:329
Medium | External URL | https://attacker.com/log?data= | references/JS_BRIDGE_EXPLOIT.md:324
Medium | External URL | https://attacker.com/log?env= | references/JS_BRIDGE_EXPLOIT.md:327
Medium | External URL | https://attacker.com/log?c= | references/PROTOCOL_RCE.md:95
Medium | External URL | https://evil.com/phishing.html | references/PROTOCOL_RCE.md:133
Medium | External URL | https://attacker.com | references/PROTOCOL_RCE.md:231
Medium | External URL | https://untrusted.com | references/PROTOCOL_RCE.md:383
Medium | External URL | https://cdn.example.com/lib.js | references/SUPPLY_CHAIN.md:184
Medium | External URL | https://attacker.com/log?key= | references/XSS_TO_RCE.md:140
Medium | External URL | https://attacker.com/?c= | references/XSS_TO_RCE.md:234
Medium | External URL | https://attacker.com/?ls= | references/XSS_TO_RCE.md:237
Medium | External URL | https://attacker.com/?k= | references/XSS_TO_RCE.md:240
Medium | External URL | https://attacker.com/phish | references/XSS_TO_RCE.md:243
Medium | External URL | https://hooks\.slack\.com/services/T[A-Z0-9 | rules/sensitive_patterns.txt:37
Medium | External URL | https://discord(app | rules/sensitive_patterns.txt:38

File Tree

12 files · 138.6 KB · 4525 lines
Markdown 11f · 4439L Text 1f · 86L
├─ 📁 references
│ ├─ 📝 CONFIG_AUDIT.md Markdown 210L · 6.2 KB
│ ├─ 📝 DEVTOOLS_BYPASS.md Markdown 540L · 14.2 KB
│ ├─ 📝 ELECTRON_CVE_DATABASE.md Markdown 236L · 8.1 KB
│ ├─ 📝 FUSE_BINARY_EXPLOIT.md Markdown 415L · 10.7 KB
│ ├─ 📝 JS_BRIDGE_EXPLOIT.md Markdown 480L · 14.8 KB
│ ├─ 📝 LOCAL_DATA_ANALYSIS.md Markdown 445L · 10.3 KB
│ ├─ 📝 OUTPUT_TEMPLATE.md Markdown 264L · 7.3 KB
│ ├─ 📝 PROTOCOL_RCE.md Markdown 430L · 12.1 KB
│ ├─ 📝 SUPPLY_CHAIN.md Markdown 257L · 6.7 KB
│ └─ 📝 XSS_TO_RCE.md Markdown 389L · 12.1 KB
├─ 📁 rules
│ └─ 📄 sensitive_patterns.txt Text 86L · 6.1 KB
└─ 📝 SKILL.md Markdown 773L · 30.0 KB

Security Positives

✓ No executable code present - purely documentation
✓ No credential harvesting or exfiltration mechanisms
✓ No C2 infrastructure or command-and-control patterns
✓ No reverse shells or backdoors
✓ No supply chain risks (no dependencies to install)
✓ Well-structured security audit methodology for legitimate purposes
✓ Includes anti-pattern rules to prevent false positives in reports
✓ Contains false positive filtering rules for responsible disclosure