杠精 Gangjing

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is purpose-aligned as a red-team reviewer, but it can materialize and run a local attack harness with risky payloads against your workspace, sometimes on the strength of an interpreted "strong claim" about the code rather than a fresh, explicit approval for that run.

Install only if you want an aggressive red-team reviewer. Before allowing it to attack code, confirm each run explicitly, use a disposable sandbox, keep it away from repositories that contain secrets or live service credentials, and review any generated .gangjing-tmp harness and results files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1: escalation to script execution without a fresh explicit approval

What this means

Simply asserting that code is safe could lead the agent to run local code and generated attack harnesses, which may have side effects in the workspace.

Why it was flagged

The skill permits script execution not only after an explicit test request, but also after it interprets a strong claim about the current workspace code as permission. The same artifact also discloses that the attack engine imports the target module, which executes that module's top-level code as a side effect.

Skill content
Escalation to script execution is allowed only when the user **explicitly asks to test the code**, or makes a strong assertion such as "absolutely no problem" about the **current workspace code**.
Recommendation

Require a fresh, explicit user confirmation before any harness creation or command execution, and run only inside a sandbox, container, VM, or disposable working tree.
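The import side effect flagged above is easy to reproduce. The following is an added example, not code from the Gangjing skill or from ClawScan; the target module, its marker file and the `approved` flag are constructed for illustration. It shows that parsing a target with `ast` enumerates its functions without running anything, while importing it runs top-level statements immediately, so the import must sit behind an approval gate for the specific run.

```python
import ast
import importlib.util
import pathlib
import tempfile

# Constructed target module (an assumption for illustration, not the skill's real target).
# Its top-level statements write a marker file the moment the module is imported.
TARGET_SRC = '''
import pathlib

MARKER = pathlib.Path(__file__).with_suffix(".touched")
MARKER.write_text("top-level code executed on import")

def parse_amount(s: str) -> int:
    return int(s)
'''


def write_target(tmpdir: str) -> pathlib.Path:
    path = pathlib.Path(tmpdir) / "target.py"
    path.write_text(TARGET_SRC, encoding="utf-8")
    return path


def discover_functions_static(path: pathlib.Path) -> list[str]:
    """Enumerate top-level functions with ast.parse: nothing in the target executes."""
    tree = ast.parse(path.read_text(encoding="utf-8"), filename=str(path))
    return sorted(node.name for node in tree.body if isinstance(node, ast.FunctionDef))


def marker_exists(path: pathlib.Path) -> bool:
    return path.with_suffix(".touched").exists()


def import_target(path: pathlib.Path, approved: bool):
    """Import (and therefore run top-level code) only after a fresh, explicit approval.

    `approved` stands in for a per-run confirmation the user just gave; a cached or
    interpreted claim must not set it.
    """
    if not approved:
        raise PermissionError("refusing to import target: no explicit approval for this run")
    spec = importlib.util.spec_from_file_location("target_under_test", str(path))
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # top-level code of the target runs here
    return module


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmpdir:
        path = write_target(tmpdir)
        funcs = discover_functions_static(path)
        clean_after_static = not marker_exists(path)
        try:
            import_target(path, approved=False)
            denied = False
        except PermissionError:
            denied = True
        clean_after_denial = not marker_exists(path)
        import_target(path, approved=True)
        touched_after_import = marker_exists(path)
        return {
            "funcs": funcs,
            "clean_after_static": clean_after_static,
            "denied": denied,
            "clean_after_denial": clean_after_denial,
            "touched_after_import": touched_after_import,
        }


if __name__ == "__main__":
    print(demo())
```

Static discovery is enough for the harness to learn which functions exist; the actual import belongs inside the sandbox or disposable working tree the recommendation calls for, because by then the target's side effects have already happened.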

Finding 2: adversarial payloads can act on real systems

What this means

A red-team run against non-isolated code could read sensitive local files, damage data, or stress the machine if the target code mishandles these inputs.

Why it was flagged

These payloads are intended as adversarial test inputs, but if they are sent into vulnerable code connected to a real shell, database, filesystem, or service, they could trigger harmful actions.

Skill content
cmd_payloads = ["; ls -la /etc/passwd", "| cat /etc/shadow", ... "file.txt; rm -rf /"]
Recommendation

Use harmless canary payloads by default, require sandboxing for destructive payload classes, and clearly separate demonstration payloads from payloads that may affect real systems.
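Canary payloads can prove a command-injection sink exists without touching /etc/shadow or deleting anything. The following is an added example, not code from the skill; `vulnerable_wc` and `hardened_wc` are constructed stand-ins for target code wired to a real shell, the payload-class patterns are an assumption, and it assumes a POSIX sh behind `shell=True`. A random token is echoed through the injection point; the token showing up in the target's output is the finding, and the destructive classes from the skill's list are refused unless a sandbox flag is set.

```python
import re
import secrets
import subprocess


def vulnerable_wc(filename: str) -> str:
    """Constructed vulnerable sink: user input interpolated into a shell command string."""
    r = subprocess.run(f"wc -c {filename}", shell=True, capture_output=True, text=True)
    return r.stdout


def hardened_wc(filename: str) -> str:
    """Same task without a shell: the filename is a single argv element and is never parsed."""
    r = subprocess.run(["wc", "-c", "--", filename], capture_output=True, text=True)
    return r.stdout


# Payload classes (patterns are an assumption for illustration, not the skill's own list).
DESTRUCTIVE = re.compile(r"\brm\s+-\w*r|\bmkfs\b|\bdd\s+if=|>\s*/dev/", re.I)
SENSITIVE_READ = re.compile(r"/etc/(passwd|shadow)\b|\.ssh/|id_rsa|\.env\b", re.I)


def classify(payload: str) -> str:
    if DESTRUCTIVE.search(payload):
        return "destructive"
    if SENSITIVE_READ.search(payload):
        return "sensitive-read"
    return "benign"


def allowed(payload: str, sandboxed: bool) -> bool:
    """Only benign payloads run outside a sandbox; the other classes need isolation."""
    return classify(payload) == "benign" or sandboxed


def canary_payloads(token: str) -> list[str]:
    """Separator variants that only echo a token; none reads or modifies anything."""
    return [f"; echo {token}", f"| echo {token}", f"\necho {token}"]


def probe(target, base: str = "file.txt") -> list[str]:
    """Return the canary payloads whose token surfaced in the target's stdout."""
    token = "CANARY" + secrets.token_hex(6)
    hits = []
    for payload in canary_payloads(token):
        if token in target(base + payload):
            hits.append(payload.replace(token, "<TOKEN>"))
    return hits


if __name__ == "__main__":
    print("vulnerable:", probe(vulnerable_wc))
    print("hardened:", probe(hardened_wc))
    for p in ["; ls -la /etc/passwd", "| cat /etc/shadow", "file.txt; rm -rf /"]:
        print(repr(p), classify(p), "allowed outside sandbox:", allowed(p, sandboxed=False))
```

The canary run gives the same evidence as `; ls -la /etc/passwd` (the separator reached a shell) with no side effect, so it is the right default; the classification step is what keeps `rm -rf /` out of a non-isolated run even if someone adds it back to the list.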

Finding 3: executable harness embedded as a markdown template

What this means

Static package review may appear code-free, but the skill can still create executable files in the workspace during use.

Why it was flagged

The executable attack harness is embedded in SKILL.md as a markdown template and written to disk at runtime, so the template content should be treated as runnable code even though the package ships no ordinary code files or install script.

Skill content
If the current distribution package has no `scripts/` directory, write the template code from here into a temporary file in the current workspace and then run it.
Recommendation

Inspect the template harness before first use, keep generated files in a clearly named temporary directory, and delete them after testing.
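One way to enforce that recommendation is to pin a digest of the template after inspecting it, materialize it only into a clearly named temporary directory, and remove that directory whether or not the run succeeds. The following is an added example, not the skill's own code; `TEMPLATE` is a constructed stand-in for the markdown-embedded harness, and `APPROVED_DIGEST` is computed here for the sake of a runnable demo, where in practice you would paste the hex string recorded after reading the real template.

```python
import hashlib
import pathlib
import shutil
import subprocess
import sys
import tempfile

# Constructed stand-in for the harness template embedded in SKILL.md (an assumption;
# the real template is longer, only the pin-then-run-then-delete flow matters here).
TEMPLATE = "import sys\nprint('harness ok', sys.argv[1])\n"


def digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# In practice: the literal hex recorded after reviewing the template once. Any later
# change to the markdown, by an update or by the agent itself, changes this value.
APPROVED_DIGEST = digest(TEMPLATE)


def materialize(template: str, workspace: pathlib.Path, approved: str) -> pathlib.Path:
    """Write the template to a .gangjing-tmp-* directory, but only if it matches the pin."""
    actual = digest(template)
    if actual != approved:
        raise PermissionError(
            f"template digest {actual[:12]} does not match reviewed digest {approved[:12]}"
        )
    tmpdir = pathlib.Path(tempfile.mkdtemp(prefix=".gangjing-tmp-", dir=workspace))
    harness = tmpdir / "harness.py"
    harness.write_text(template, encoding="utf-8")
    return harness


def run_harness(harness: pathlib.Path, target_arg: str) -> str:
    """Run the materialized harness with a timeout and always delete its directory."""
    try:
        r = subprocess.run(
            [sys.executable, str(harness), target_arg],
            capture_output=True, text=True, timeout=30, check=True,
        )
        return r.stdout.strip()
    finally:
        shutil.rmtree(harness.parent, ignore_errors=True)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as ws:
        workspace = pathlib.Path(ws)
        harness = materialize(TEMPLATE, workspace, APPROVED_DIGEST)
        output = run_harness(harness, "target.py")
        cleaned = not harness.parent.exists()
        # A template that differs from the reviewed one, even by one appended line, is refused.
        tampered = TEMPLATE + "import os; os.system('id')\n"
        try:
            materialize(tampered, workspace, APPROVED_DIGEST)
            tampered_blocked = False
        except PermissionError:
            tampered_blocked = True
        leftovers = sorted(p.name for p in workspace.iterdir())
        return {
            "output": output,
            "cleaned": cleaned,
            "tampered_blocked": tampered_blocked,
            "leftovers": leftovers,
        }


if __name__ == "__main__":
    print(demo())
```

The digest check is what turns "inspect the template before first use" into something that holds on the second and third use as well; the `finally` block is what keeps the workspace free of stale harness and results files.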