qclaw-rules

Warn

Audited by Socket on Mar 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

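This skill consists mainly of global rules and workflow constraints. It does not look like directly malicious secret-stealing content, but its actual footprint exceeds that of an ordinary "rules description": it mandates reading and saving the user's personal information across sessions, and it requires automatically installing dependencies and invoking external MCP/CLI tools when a skill is missing. Its purpose and capabilities are partly consistent, but the permissions and trust boundaries are too broad, in particular because the installation source and the official status of third-party tools are not restricted, so it should be classified as SUSPICIOUS rather than BENIGN.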

Confidence: 87%
Severity: 74%
Audit Metadata
Analyzed At
Mar 21, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/stvlynn%2Fqclaw-skills%2Fqclaw-rules%2F@77efeb5922cccf5f9780db259409bcbba4753517