中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:1 天前 重新扫描
20 /100
email-checker-for-mac
Automated email assistant for Apple Mail. Runs on a schedule, scores priority, drafts AI replies, sends reports.
A legitimate macOS email automation tool with AppleScript control of Mail.app. Shell execution via subprocess/osascript is documented in the os requirement and metadata but not explicitly declared as a SKILL.md allowed-tool, which is a minor doc-to-capability gap.
技能名称email-checker-for-mac
分析耗时71.5s
引擎pi
可以安装
Add 'shell:WRITE' to the allowed-tools declaration in SKILL.md and explicitly document that the LLM API key is read from config/settings.json and transmitted to the configured LLM endpoint. These are legitimate behaviors that should be made transparent.

安全发现 3 项

严重性 安全发现 位置
低危
Shell execution not declared as allowed-tool 文档欺骗
SKILL.md declares 'requires: osascript' in metadata but does not list shell:WRITE or any shell permission in an allowed-tools section. The code uses subprocess.run(['osascript', ...]) extensively, which maps to shell:WRITE capability.
metadata: {"requires":{"bins":["osascript"],...}}
→ Add an explicit allowed-tools declaration to SKILL.md: shell:WRITE, filesystem:READ, filesystem:WRITE, network:READ.
 SKILL.md:1
提示
LLM API key transmission to external endpoint not documented 敏感访问
OpenAI API keys (or LM Studio/Ollama keys) are stored in config/settings.json and transmitted to the configured LLM base URL via POST with Bearer token. This is necessary for the feature but not called out in the SKILL.md docs section.
headers={'Content-Type': 'application/json', 'Authorization': 'Bearer ' + api_key}
→ Document in SKILL.md that LLM API keys are read from config/settings.json and transmitted to the configured LLM endpoint.
 scripts/email/checker.py:150
提示
Crontab installation creates scheduled persistence 持久化
setup.sh installs a cron job via crontab that runs checker_wrapper.sh at boot (@reboot) and on an interval. This persistence mechanism is documented in README.md but not in SKILL.md.
echo '@reboot $WRAPPER' | crontab -
→ Add a note in SKILL.md that the skill can install crontab entries for scheduled execution.
 setup.sh:245
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✓ 一致 scripts/email/checker.py: subprocess.run(['osascript', ...]); scripts/email/send…
文件系统 WRITE WRITE ✓ 一致 setup.sh writes config/settings.json; checker.py reads it; logs/ and temp/ dirs …
网络访问 NONE READ ✓ 一致 checker.py: urllib.request.urlopen() to LLM_BASE_URL; LLM API key transmitted in…
环境变量 NONE READ ✓ 一致 setup.sh passes LLM_API_KEY as env var during LLM test; checker.py reads config …
技能调用 NONE READ ✓ 一致 SKILL.md describes OpenClaw integration via Telegram/WhatsApp invoking checker.p…
2 项发现
📧
提示 邮箱 邮箱地址
[email protected]
README.md:111
📧
提示 邮箱 邮箱地址
[email protected]
README.md:122

目录结构

10 文件 · 59.0 KB · 1655 行
Python 3f · 796L Shell 3f · 459L Markdown 2f · 360L JSON 2f · 40L
├─ 📁 config
│ └─ 📋 settings.example.json JSON 27L · 569 B
├─ 📁 scripts
│ └─ 📁 email
│ ├─ 🔧 checker_wrapper.sh Shell 15L · 510 B
│ ├─ 🐍 checker.py Python 649L · 26.5 KB
│ ├─ 🐍 send_reply.py Python 105L · 3.4 KB
│ ├─ 🐍 template.py Python 42L · 1.1 KB
│ └─ 🔧 template.sh Shell 25L · 469 B
├─ 📋 _meta.json JSON 13L · 425 B
├─ 📝 README.md Markdown 291L · 9.3 KB
├─ 🔧 setup.sh Shell 419L · 15.0 KB
└─ 📝 SKILL.md Markdown 69L · 1.9 KB

依赖分析 2 项

包名版本来源已知漏洞备注
urllib stdlib python3 built-in Standard library — no external dependency for HTTP calls
subprocess stdlib python3 built-in Standard library — used for osascript invocation, documented and necessary

安全亮点

✓ No base64-encoded execution, no eval(), no obfuscated payloads
✓ No access to ~/.ssh, ~/.aws, .env, or other credential storage paths
✓ No direct IP connections to unknown external servers — only to user-configured LLM endpoints
✓ No data exfiltration observed — email content is processed locally and reports sent to the user's own configured email address
✓ API keys stored in config/settings.json (gitignored), not hardcoded
✓ AppleScript is the standard, documented macOS automation interface — not a custom shell escape
✓ LLM connection test in setup.sh is interactive and user-driven with visible output
✓ Settings.json validation is performed before writing