command-guardian 安全扫描报告 — 可信 | ClawSafe

5 /100

command-guardian

Preflight safety guard for shell and infrastructure commands. Analyzes command risk, path targets, inline secrets, compound structures, and provides rollback guidance before execution.

Command Guardian is a well-structured preflight safety guard that analyzes shell commands for risks. All scripts perform read-only analysis with no side effects. The two flagged IOCs are documentation references to dangerous patterns, not actual executions.

技能名称command-guardian

分析耗时32.4s

引擎pi

✓

可以安装

Skill is safe to use. The preflight, classify, path_guard, and rollback_hints scripts all read input and produce reports without executing any commands. The secret_guard pattern detection is read-only analysis only.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	guardlib.py:326 — open(args.command_file) is user-supplied path only when explic…
命令执行	`NONE`	`NONE`	—	guardlib.py:314 — subprocess.check_output(['git', 'rev-parse', '--show-toplevel'…
网络访问	`NONE`	`NONE`	—	No network calls found in any script
环境变量	`NONE`	`READ`	✓ 一致	guardlib.py:115 — os.path.expandvars() only expands env vars in the command stri…
技能调用	`NONE`	`NONE`	—	No dynamic skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

2 严重 2 项发现

💀

严重危险命令危险 Shell 命令

curl | sh

SKILL.md:54

💀

严重危险命令危险 Shell 命令

wget | bash

references/tool-patterns.md:30

目录结构

10 文件 · 36.7 KB · 1041 行

Python 6f · 840L Markdown 3f · 193L YAML 1f · 8L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 8L · 300 B

├─ ▾ 📁 references

│ ├─ 📝 risk-rules.md Markdown 41L · 1.3 KB

│ └─ 📝 tool-patterns.md Markdown 42L · 1.4 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 classify_command.py Python 15L · 307 B

│ ├─ 🐍 guardlib.py Python 718L · 26.0 KB

│ ├─ 🐍 path_guard.py Python 17L · 466 B

│ ├─ 🐍 preflight.py Python 60L · 1.9 KB

│ ├─ 🐍 rollback_hints.py Python 15L · 317 B

│ └─ 🔑 secret_guard.py ⚠ Python 15L · 315 B

└─ 📝 SKILL.md Markdown 110L · 4.4 KB

安全亮点

✓ All scripts are read-only analysis tools — they classify, detect patterns, and report without executing commands

✓ subprocess is used only for safe git metadata queries (repo root, branch, dirty status) with no shell=True and no user input in subprocess arguments

✓ No credential harvesting — secret_guard.py only performs regex detection on the input command string

✓ No file writes, network requests, or environment variable exfiltration

✓ The 'curl | sh' and 'wget | bash' IOCs are references in documentation describing dangerous patterns, not actual executions

✓ No base64 encoding, eval(), or dynamic code execution

✓ The skill's purpose and behavior are fully documented in SKILL.md with clear capability declarations

✓ No sensitive paths (~/.ssh, ~/.aws, .env) are accessed

✓ Rollback hints and safer commands are suggestions only — the skill never auto-executes