neubird-ops-agent 安全扫描报告 — 可信 | ClawSafe

5 /100

neubird-ops-agent

Production ops agent using NeuBird CLI for infrastructure health, cloud costs, incidents, performance, and risk analysis

Legitimate production operations skill that wraps the neubird CLI for infrastructure monitoring. No malicious behavior detected — all operations are declared, documented, and scoped to a known external binary.

技能名称neubird-ops-agent

分析耗时39.4s

引擎pi

✓

可以安装

This skill is safe to use. Ensure the neubird CLI binary is installed from the official source (neubird.ai) before deployment, as the skill cannot function without it.

安全发现 2 项

严重性	安全发现	位置
低危	External dependency on neubird CLI The skill relies entirely on the 'neubird' CLI binary which must be pre-installed. While this is a legitimate design pattern, it means security depends on the neubird binary's implementation, which is external to this skill. `Requires the neubird CLI to be installed and authenticated` → Verify the neubird CLI is installed from the official source (neubird.ai) and is kept up-to-date with security patches	`SKILL.md:1`
低危	Allowed-tools not explicitly declared SKILL.md does not explicitly declare which allowed-tools the skill uses. While the skill metadata hints at shell access (bins: ['neubird']), this is not formally declared in the metadata frontmatter. `metadata: {'neubird': {'emoji': '🔍'}, 'openclaw': {'emoji': '🔍', 'requires': {'bins': ['neubird']}}}` → Add explicit allowed-tools declaration to SKILL.md metadata for transparency	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md: Shell commands limited to neubird CLI invocations only (neubird run, n…
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md: Only writes to /tmp/ for session files (session management)
网络访问	`NONE`	`NONE`	—	No direct network calls; all network activity goes through the neubird CLI binar…
环境变量	`NONE`	`NONE`	—	No environment variable access or credential harvesting observed
数据库	`NONE`	`NONE`	—	Database access handled by neubird CLI (user's infrastructure); not accessed dir…
剪贴板	`NONE`	`NONE`	—	No clipboard access observed
浏览器	`NONE`	`NONE`	—	No browser access observed
技能调用	`NONE`	`NONE`	—	No cross-skill invocation observed

2 项发现

🔗

中危外部 URL 外部 URL

https://neubird.ai

SKILL.md:5

🔗

中危外部 URL 外部 URL

https://neubird.com

SKILL.md:11

目录结构

6 文件 · 14.4 KB · 370 行

Markdown 6f · 370L

├─ ▾ 📁 references

│ ├─ 📝 application.md Markdown 40L · 1.7 KB

│ ├─ 📝 cloud.md Markdown 29L · 1.3 KB

│ ├─ 📝 database.md Markdown 39L · 1.6 KB

│ ├─ 📝 escalation.md Markdown 83L · 2.0 KB

│ └─ 📝 kubernetes.md Markdown 31L · 1.3 KB

└─ 📝 SKILL.md Markdown 148L · 6.5 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`neubird`	`unknown`	external CLI	否	External binary not included in skill; must be installed separately from neubird.ai

安全亮点

✓ All operations are documented and declared in SKILL.md

✓ No obfuscation or encoding patterns detected (no base64, eval, atob)

✓ No credential harvesting or sensitive path access

✓ Session files are isolated to /tmp/ which is standard and safe

✓ No direct network calls — all external communication goes through the neubird CLI binary

✓ Reference documentation contains only legitimate operational guidance (incident templates, investigation prompts)

✓ Clean exit code handling with clear error messages

✓ No remote script execution patterns (curl|bash, wget|sh)

✓ No hidden instructions in HTML comments or binary blobs

✓ Skill follows a well-documented CLI wrapper pattern