Low risk, risk score 15/100
Last scanned: 22 hours ago
clawpacker
Use when exporting, importing, packaging, cloning, restoring, or moving an OpenClaw agent between machines or instances
This is a minimal redirect/pointer skill that delegates to a remote GitHub source but contains no executable code or malicious functionality locally.
Skill name: clawpacker
Analysis time: 25.1s
Engine: pi
Can be installed
The skill is functionally inert as delivered. Before use, verify the canonical GitHub source (cogine-ai/clawpack) is trusted and the fetched content is reviewed. Consider embedding the actual implementation locally for transparency.

Security findings: 2

Severity | Security finding | Location
Low
Incomplete capability declaration (Documentation deception)
The skill instructs users to fetch remote content from GitHub but does not declare network access as a required capability. The actual capabilities depend entirely on the fetched canonical SKILL.md.
https://raw.githubusercontent.com/cogine-ai/clawpack/master/skills/clawpacker/SKILL.md
→ Add an allowed-tools section declaring network:READ if this skill will fetch remote content.
SKILL.md:14
Low
External dependency on remote canonical source (Supply chain)
The skill has no local implementation and defers all functionality to a remote GitHub source. If the remote source changes, the skill's behavior changes silently without version pinning.
The canonical instructions live in the `clawpack` repository and should be fetched fresh
→ Consider pinning to a specific commit hash or embedding the canonical implementation locally for reproducible behavior.
SKILL.md:12
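Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | NONE | | No file operations in SKILL.md
Network access | NONE | READ | ✓ Consistent | SKILL.md instructs fetching remote URLs but doesn't declare network:READ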

Directory structure

1 file · 1.3 KB · 36 lines
Markdown 1f · 36L
└─ 📝 SKILL.md Markdown 36L · 1.3 KB

Security highlights

✓ No executable code present in the delivered skill
✓ No credential access or harvesting attempts
✓ No obfuscated or base64-encoded content
✓ No sensitive path access (.ssh, .env, etc.)
✓ GitHub URLs point to a seemingly legitimate repository structure