Security Scan
OpenClaw
Safe
high confidence
Assessment and recommendations
This skill appears to do what it says (ZIP CTF cracking) and includes the code for that work, but take these precautions before using it: 1) Use only on archives you own or are authorized to test. 2) Run it in an isolated workspace (not your home directory) because it will write extracted files and temp files to the current working directory. 3) The tool may fetch bkcrack/other binaries and call subprocesses to run them — if you have network or execution policies, review and restrict those befor...
✓ Purpose and capability
Name/description align with included code and bundled password list. The files and CLI wrapper implement ZIP profiling, dictionary/mask/KPA workflows and integrations (bkcrack, pyzipper) that are expected for this functionality.
✓ Instruction scope
SKILL.md stays on-topic: it tells the agent to gather ZIP-specific inputs, run profile mode, and run the bundled wrapper with explicit flags. It does not instruct arbitrary file-system or credential harvesting. It does instruct keeping the CWD as the project directory (which affects where outputs are written) — this is relevant operationally but not out-of-scope.
ℹ Install mechanism
There is no install spec in the registry (skill ships as code), but the core script can make network calls at runtime (GitHub API, downloads for bkcrack/MSVC redistributables, optional pip mirror). Those runtime downloads are coherent with needing bkcrack/pyzipper but constitute higher-risk behavior than pure offline scripts. The wrapper defaults to disabling automatic interactive installs unless explicitly allowed.
✓ Credential requirements
The skill declares no required env vars or credentials. It defines optional env names (e.g., ZIPCRACKER_AUTO_INSTALL_BKCRACK) for runtime behavior, which is reasonable. No unrelated secrets or cloud credentials are requested.
ℹ Persistence and privileges
always:false and normal autonomous invocation are set. The skill writes temp files and extracted files (default OUT_DIR 'unzipped_files') into the working directory and may create other temp artifacts; it also spawns subprocesses (bkcrack, pip, pyzipper usage). This is expected for a cracking tool but users should be aware of file writes and subprocess execution.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v2.0.1 2026/3/11
● Suspicious
Install command
Official: npx clawhub@latest install zipcracker
Mirror: npx clawhub@latest install zipcracker --registry https://cn.longxiaskill.com