AIDR-XClaw-Security-Sentinel@ 1.0.0

github.com/clawhub.ai/aidr-xclaw-security-sentinel
Verdict: Generally safe
0 critical1 high1 medium
B
SCORE 75 / 100
$skillox install AIDR-XClaw-Security-SentinelSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.

Why grade B?

score · 75 / 100

The current grade reflects 1 high-severity finding (any HIGH → B).

0 CRIT1 HIGH1 MED0 LOW
To reach a higher grade
  • A
    Reach Atarget score 95

    Resolve all 1 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-ymzh31fqd9njdzuo4gbl34ml · Thu, 28 May 2026 16:39:53 GMT · 46ms

high
Sensitive filesystem path referenced
The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreachline: 630CWE-552
628| 1 | 伪造系统标记 | `\[SYSTEM\]|\[ADMIN\]|\[ROOT\]` | `<SYSTEM>`|`<ADMIN>`|```<ROOT>```` | `[FAKE_SYSTEM_MARKER_MASKED]` | 1 |
629| 2 | 编码载荷 | `(?i)(base64|base32|hex|encode|decode)\s*[(:=]\s*'"?[A-Za-z0-9+/=]{20,}` | `[ENCODED_PAYLOAD_MASKED]` | 2 |
630| 1 | 路径穿越 | `(?:\.\./|\.\.\\ | \.\.%2f|\.\.%5c|/etc/passwd)` | `[PATH_TRAVERSAL_MASKED]` |sensitive path — credential-exfiltration vector
631| 1 | 敏感路径 | `(?:\.ssh|\.aws|\.kube|\.docker|\.gnupg|\.git)/[^\"'\s]*` | `[SENSITIVE_PATH_MASKED]` | 1 |
632| 1 | 凭证文件 | `(?:\.pem|\.key|credentials\.json|secrets\.ya?ml|\.env)` | `[CREDENTIAL_FILE_MASKED]` | 1 |
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
View latest scan →
skillox.io/c/AIDR-XClaw-Security-Sentinel