Scan Report
0 /100
openclaw-livestock-assistant
AI-powered livestock management assistant for Spanish-speaking farmers with a REST API for herd record-keeping
This skill consists entirely of documentation and reference markdown files. No implementation code, scripts, or executables are present, and all declared capabilities (AI chat via external providers, local REST API) are clearly documented.
Safe to install
No security action required. If this skill is deployed, ensure actual implementation files (Node.js/Express server, TypeScript source) are reviewed separately before execution.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file access code in repository |
| Network | READ | READ | ✓ Aligned | SKILL.md line 1 - references localhost:3000 REST API; AI providers are declared |
| Shell | NONE | NONE | — | No bash/shell scripts found (pre-scan confirmed no scripts/) |
| Environment | READ | READ | ✓ Aligned | SKILL.md - OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_GENERATIVE_AI_API_KEY decla… |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocations found |
| Clipboard | NONE | NONE | — | No clipboard access code |
| Browser | NONE | NONE | — | No browser automation code |
| Database | READ | READ | ✓ Aligned | references/api.md - GET/POST/PATCH/DELETE /api/animals, all documented |
File Tree
5 files · 16.8 KB · 462 lines Markdown 5f · 462L
├─
▾
references
│ ├─
api.md
Markdown
│ ├─
breeds.md
Markdown
│ ├─
diseases.md
Markdown
│ └─
nutrition.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Only documentation files present — no executable code, scripts, or binaries in the repository
✓ All API key requirements (OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_GENERATIVE_AI_API_KEY) are explicitly declared in SKILL.md
✓ No hidden functionality — references/ subdirectory contains only legitimate agricultural reference data (breeds, diseases, nutrition)
✓ No credential harvesting or exfiltration patterns detected
✓ No obfuscation, base64-encoded payloads, or anti-analysis techniques
✓ No sensitive file access (ssh, aws, .env files)
✓ No network IOCs or external IP communication
✓ No supply chain risk — no dependencies declared (no package.json, requirements.txt, or Cargo.toml)