openclaw-ref 安全扫描报告 — 可信 | ClawSafe

0 /100

openclaw-ref

OpenClaw platform reference - plugin system, extensions, configuration, boot/provisioning, channels, models, CLI

This is a pure documentation/reference skill containing only Markdown files describing the OpenClaw platform. No executable code, scripts, dependencies, or dangerous patterns are present.

技能名称openclaw-ref

分析耗时27.9s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	Markdown files contain only read-only reference documentation
网络访问	`NONE`	`NONE`	—	No network calls; example URLs are generic documentation placeholders
命令执行	`NONE`	`NONE`	—	No shell scripts or command execution found
环境变量	`NONE`	`NONE`	—	No environment variable access or iteration
技能调用	`READ`	`READ`	✓ 一致	SKILL.md explicitly grants read-only reference access to platform documentation
剪贴板	`NONE`	`NONE`	—	No clipboard access patterns
浏览器	`NONE`	`NONE`	—	No browser automation or interaction
数据库	`NONE`	`NONE`	—	No database access or queries

3 项发现

🔗

中危外部 URL 外部 URL

https://www.apache.org/licenses/

LICENSE.txt:3

🔗

中危外部 URL 外部 URL

https://api.provider.com/v1

references/models-providers.md:12

🔗

中危外部 URL 外部 URL

https://instance.agentbox.ai/v1

references/models-providers.md:104

目录结构

9 文件 · 184.6 KB · 3662 行

Markdown 8f · 3500L Text 1f · 162L

├─ ▾ 📁 references

│ ├─ 📝 boot-provisioning.md Markdown 521L · 25.3 KB

│ ├─ 📝 channels-extensions.md Markdown 351L · 20.4 KB

│ ├─ 📝 cli-commands.md Markdown 404L · 20.1 KB

│ ├─ 📝 configuration.md Markdown 692L · 28.5 KB

│ ├─ 📝 github-context.md Markdown 448L · 32.7 KB

│ ├─ 📝 models-providers.md Markdown 333L · 14.8 KB

│ └─ 📝 plugin-system.md Markdown 672L · 29.6 KB

├─ 📄 LICENSE.txt Text 162L · 8.9 KB

└─ 📝 SKILL.md Markdown 79L · 4.4 KB

安全亮点

✓ Pure documentation/reference skill with no executable code

✓ All content is Markdown - no scripts, binaries, or compiled code

✓ No external resource fetches or network dependencies

✓ No credential harvesting or sensitive path access

✓ No obfuscation techniques (base64, eval, etc.)

✓ License file present (Apache 2.0) with standard attribution

✓ Documentation is well-structured with version tracking (2026.4.1)

✓ Pre-scan identified no sensitive files, binary files, or IOC threats

✓ Example URLs in documentation are generic placeholders (api.provider.com, instance.agentbox.ai) not pointing to malicious infrastructure