Trusted: risk score 5/100
Last scanned: 19 hours ago
clawdoctor
Self-healing doctor for OpenClaw. Monitors gateway, crons, sessions, auth, and costs. Sends Telegram alerts. Auto-restarts gateway when it goes down.
Documentation-only skill describing a legitimate OpenClaw monitoring tool with clear, reasonable declared permissions.
Skill name: clawdoctor
Analysis time: 27.2s
Engine: pi
OK to install
No action required. SKILL.md accurately documents the tool's purpose and declared permissions.

Security findings: 1

Severity: Info
Finding: Documentation-only skill (documentation deception)
SKILL.md is the only file present. This is a documentation descriptor for an npm package 'clawdoctor' - no implementation code to analyze.
--- name: clawdoctor description: Self-healing doctor...
→ Verify npm package integrity independently if deploying.
Location: SKILL.md:1

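| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | SKILL.md: Monitors session files, reads OpenClaw log/state files (read-only) |
| Network access | READ | READ | ✓ Consistent | SKILL.md: Sends alerts via Telegram Bot API (outbound HTTPS only) |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md: Only action: 'openclaw gateway restart' when gateway is down |
| Environment variables | NONE | NONE | | SKILL.md: Explicitly states no API keys leave the machine |
| Credential access | NONE | NONE | | SKILL.md: No credential harvesting declared or implied |
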
3 findings

Severity: Medium
Finding: External URL
https://buy.stripe.com/7sY14g2fsex33F08U51ck01
Location: SKILL.md:108

Severity: Medium
Finding: External URL
https://buy.stripe.com/eVq28k2fsdsZ7Vg6LX1ck02
Location: SKILL.md:110

Severity: Medium
Finding: External URL
https://clawdoctor.dev
Location: SKILL.md:122

Directory structure

1 file · 3.6 KB · 122 lines
Markdown 1f · 122L
└─ 📝 SKILL.md Markdown 122L · 3.6 KB

Security highlights

✓ Explicit security claims: 'No API keys or conversation content leaves the machine'
✓ Network access limited to Telegram Bot API (HTTPS only)
✓ File access declared as read-only
✓ Single explicit shell command declared: 'openclaw gateway restart'
✓ Clear documentation of what data is monitored and why
✓ Rate-limiting on alerts to prevent spam/abuse
✓ Config and events stored locally in SQLite with 7-day retention