Skill Trust Decision

web-application-fuzzing-automation

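SKILL.md describes a complete attack toolkit (SQL injection, XSS, OS command injection, data harvesting). The declared permissions are limited to Read/Write/Bash/WebFetch, but the document is in substance an attack-technique manual, which creates a risk of documentation deception.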

Install decision first Source: ClawHub Scanned: Apr 29, 2026
Files 1
Artifacts 1
Violations 0
Findings 3

Why this conclusion was reached

0/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

1 lower-risk artifact was extracted and still needs context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

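Document contains descriptions of sensitive operations +15

SKILL.md describes attack vectors such as SQL injection, XSS, OS command injection and path traversal in detail

Data-harvesting capability stated +10

Explicitly describes harvesting sensitive data from access-control-flawed endpoints

Credential enumeration example +5

The example shows the complete process of enumerating users' password fields

No script files -5

Documentation only, with no actual executable code, which lowers the risk

Labelled for authorized testing use -5

The document states in several places that it is for authorized penetration testing only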

Most important evidence

Medium Doc Mismatch

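Permission declaration does not match the document's stated and actual use

The document claims to be an 'authorized penetration testing' tool, but tools-required declares only Read/Write and there is no authorization-verification mechanism of any kind. The document describes attack techniques such as data harvesting, credential enumeration and SQL injection in detail, which makes this a high-risk scenario with unclear intent.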

SKILL.md:1
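Add an authorization-verification checkpoint: require the user to provide a hash of the written authorization document or a signed confirmation, or state explicitly that this skill requires manual review of the authorization.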
Medium Sensitive Access

Provides a complete attack-vector toolkit

SKILL.md contains a complete payload set covering SQL injection (', '--, waitfor delay), XSS (xsstest, script tags), OS command injection (ping -i 30 127.0.0.1) and path traversal (../../etc/passwd)

SKILL.md:140
Consider externalizing the attack payloads or adding warning comments that stress use in controlled test environments only.
Medium Credential Theft

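Data harvesting and credential enumeration examples

The example shows how to extract the password field from an HTML table: `<td>Password: </td><td>b3ll3nd</td>`, and explains in detail how to enumerate user credentials at scale.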

SKILL.md:290
Remove or obfuscate the real credential examples and use fictitious data.

Declared capability vs actual capability

Filesystem Pass
Declared WRITE
Inferred WRITE
SKILL.md: tools-required: [Read, Write]
Network Pass
Declared READ
Inferred READ
SKILL.md: tools-optional: [Bash, WebFetch]
Shell Pass
Declared WRITE
Inferred WRITE
SKILL.md: tools-optional: [Bash]

Suspicious artifacts and egress

Medium External URL
https://creativecommons.org/licenses/by-sa/4.0/

SKILL.md:351

Dependencies and supply chain

There are no structured dependency warnings.

File composition

1 file · 356 lines
Markdown 1 file · 356 lines
Files of concern · 1
SKILL.md Markdown · 356 lines
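Permission declaration does not match the document's stated and actual use · Provides a complete attack-vector toolkit · Data harvesting and credential enumeration examples · https://creativecommons.org/licenses/by-sa/4.0/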

Security positives

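The document explicitly states the authorized-testing requirement in several places ('Authorized penetration test engagement', 'Authorized testing only')
Authorization prerequisites are declared (written authorization, scope confirmation)
No actual executable scripts; the skill is instructional documentation only
The tool permission declaration is relatively restrained (no network WRITE permission is declared)
Includes a not_for section describing excluded scenarios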