中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:1 天前 重新扫描
20 /100
skill-kit
Claude Code skill management toolkit: create, validate, merge, convert, deduplicate, and upgrade Agent Skills. Topics: writer, lint, merge, dedup, convert, upgrade, route, trigger.
Legitimate Claude Code skill management toolkit; all shell operations are documented and serve stated purposes, but shell:WRITE is not declared in allowed-tools despite being used throughout.
技能名称skill-kit
分析耗时69.6s
引擎pi
可以安装
Add explicit allowed-tools declaration to SKILL.md frontmatter and consider pinning the Bash operations to specific commands rather than general shell access.

安全发现 3 项

严重性 安全发现 位置
低危
shell:WRITE not declared in allowed-tools 权限提升
SKILL.md declares only filesystem:READ/WRITE but the skill performs shell:WRITE operations (mkdir, mv, chmod, rm, jq writes) across merge.md, dedup.md, and trigger-compile.sh. No 'allowed-tools:' field is present in frontmatter.
SKILL.md declares no allowed-tools; shell WRITE operations are inferred from bash commands
→ Add allowed-tools declaration to SKILL.md frontmatter, e.g.: allowed-tools: [Read, Glob, Grep, Bash]
 SKILL.md:1
低危
settings.json modification not explicitly declared 文档欺骗
trigger-compile.sh reads and modifies ~/.claude/settings.json to register hook entries. SKILL.md describes the trigger feature but does not explicitly state that it writes to settings.json.
cp "$tmp_settings" "$SETTINGS"  # register_hooks() function
→ Add 'Modifies ~/.claude/settings.json to register hooks' to the trigger topic description for transparency.
 trigger.md / scripts/trigger-compile.sh:228
提示
rm -rf documented for backup cleanup (legitimate) 代码执行
The dangerous 'rm -rf' command appears in merge.md:144 and dedup.md:129 for cleaning backup directories. These are explicitly documented as part of the safe-delete pattern and only target .bak folders.
rm -rf ~/.claude/.bak/{skill-name}  # Clean .bak/: rm -rf ~/.claude/.bak/{skill-name}
→ No action needed — rm -rf is scoped to backup directories and is a documented cleanup operation.
 merge.md:144, dedup.md:129:144
资源类型声明权限推断权限状态证据
文件系统 READ,WRITE READ,WRITE ✓ 一致 SKILL.md frontmatter references and bash directory operations in merge.md:94-97
命令执行 NONE WRITE ✗ 越权 merge.md:144 'rm -rf', dedup.md:129 'rm -rf', trigger-compile.sh:182 'chmod +x',…
环境变量 NONE NONE No os.environ access detected
网络访问 NONE NONE No network requests detected
技能调用 NONE READ ✓ 一致 Skill tool invocations are the core functionality; read-only scan operations
剪贴板 NONE NONE No clipboard access detected
浏览器 NONE NONE No browser access detected
数据库 NONE NONE No database access detected
1 严重 1 项发现
💀
严重 危险命令 危险 Shell 命令
rm -rf ~
merge.md:144

目录结构

11 文件 · 55.9 KB · 2062 行
Markdown 10f · 1720L Shell 1f · 342L
├─ 📁 scripts
│ └─ 🔧 trigger-compile.sh Shell 342L · 10.1 KB
├─ 📝 architecture.md Markdown 170L · 4.7 KB
├─ 📝 convert.md Markdown 78L · 1.6 KB
├─ 📝 dedup.md Markdown 119L · 2.5 KB
├─ 📝 lint.md Markdown 286L · 7.1 KB
├─ 📝 merge.md Markdown 144L · 3.4 KB
├─ 📝 route.md Markdown 132L · 3.8 KB
├─ 📝 SKILL.md Markdown 195L · 6.0 KB
├─ 📝 trigger.md Markdown 214L · 6.4 KB
├─ 📝 upgrade.md Markdown 187L · 5.8 KB
└─ 📝 writer.md Markdown 195L · 4.7 KB

安全亮点

✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env never accessed)
✓ No network requests or external data exfiltration detected
✓ No base64, obfuscation, or anti-analysis patterns found
✓ All rm -rf commands are scoped to .bak backup directories and explicitly documented
✓ trigger-compile.sh validates JSON syntax before writing settings.json (bash -n and jq validation)
✓ No supply chain risks — no package.json, requirements.txt, or external dependencies
✓ All operations are directly relevant to the stated skill management purpose