Scan Report
5/100
openclaw-cost-guard
Static cost-governance review of OpenClaw configs to prevent denial-of-wallet incidents
This is a legitimate, well-scoped static cost-governance tool with no malicious behavior, no hidden functionality, and accurate documentation matching the implementation.
OK to install
No action required. The skill is safe to use as documented.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | scripts/cost-guard.mjs:14 — only reads the user-specified config path (default ~… |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md explicitly declares 'node {baseDir}/scripts/cost-guard.mjs' execution; … |
Directory structure
6 files · 11.8 KB · 329 lines
JavaScript: 2 files · 155 lines
Markdown: 3 files · 139 lines
JSON: 1 file · 35 lines
├─ references
│  └─ cost-playbook.md (Markdown)
├─ scripts
│  └─ cost-guard.mjs (JavaScript)
├─ tests
│  └─ test.mjs (JavaScript)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependency analysis (5 items)
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| node:fs | builtin | node.js | No | Node.js built-in module, no external dependencies |
| node:os | builtin | node.js | No | Node.js built-in module |
| node:path | builtin | node.js | No | Node.js built-in module |
| node:assert | builtin | node.js | No | Node.js built-in module (test file only) |
| node:child_process | builtin | node.js | No | Node.js built-in module, used only in test file for execFileSync |
Security highlights
✓ SKILL.md accurately describes all behavior — no doc-to-code mismatch
✓ Script performs only static JSON analysis with regex pattern matching; no side effects
✓ No network requests, no credential access, no file writes beyond config read
✓ No base64, eval, obfuscation, or suspicious constructs
✓ Dependencies: only Node.js built-in modules (fs, os, path) — no external packages
✓ Test suite validates expected behavior using a temporary config file
✓ All file/path access is scoped to the user-supplied config path