Scan Report
0 /100
insight-brief-generator
把报表和图表转成管理层可读的洞察摘要,区分发现、解释和建议动作
This skill is a straightforward business-report summarizer with no malicious behavior, credential access, network exfiltration, or obfuscation. Shell execution via python3 is declared, filesystem writes are limited to output files, and all operations are audit-friendly.
Safe to install
Approve for use. No security concerns detected. The only filesystem WRITE is the explicitly named output file.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/run.py — only reads input files; output write is user-specified via --ou… |
| Shell | EXEC | EXEC | ✓ Aligned | SKILL.md line 21: `python3 "{baseDir}/scripts/run.py" --input ...` |
| Network | NONE | NONE | — | No network calls in scripts/run.py — uses only Python standard library |
| Environment | NONE | NONE | — | run.py uses os.environ only to access PATH for resolution; no credential harvest… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://example.invalid/skills/insight-brief-generator SKILL.md:6 File Tree
9 files · 20.6 KB · 561 lines Python 1f · 282L
Markdown 7f · 243L
JSON 1f · 36L
├─
▾
examples
│ ├─
example-input.md
Markdown
│ └─
example-output.md
Markdown
├─
▾
resources
│ ├─
spec.json
JSON
│ └─
template.md
Markdown
├─
▾
scripts
│ └─
run.py
Python
├─
▾
tests
│ └─
smoke-test.md
Markdown
├─
README.md
Markdown
├─
SELF_CHECK.md
Markdown
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
python3 | any (runtime) | system | No | Declared in metadata.openclaw.requires.bins; no third-party packages |
Security Positives
✓ No credential harvesting — PATTERNS dict contains 'secret_like' only as a scan regex, not for exfiltration
✓ No network requests — script uses only Python standard library, no urllib/requests/httpx
✓ No obfuscation — no base64, no eval(), no encoded strings
✓ No sensitive path access — does not touch ~/.ssh, ~/.aws, .env, or key directories
✓ No remote script execution — no curl|bash, no wget|sh, no download-and-run patterns
✓ Output file write is opt-in and user-specified via --output flag
✓ Shell execution is documented in SKILL.md
✓ Dependencies: only python3 + Python standard library (fully declared in metadata.openclaw.requires.bins)
✓ Includes --dry-run mode for read-only analysis without file writes
✓ All modes (structured_brief, directory_audit, csv_audit, pattern_audit, skill_audit) are for generation and auditing — no execution of found patterns