Low risk, risk score 15/100
Last scanned: 19 hours ago
ai-intelligent-expense-management
Enterprise expense management: reimbursement + control + analysis
Skill consists only of documentation (SKILL.md, skill.json) with no implementation code to analyze; installation instructions use standard git clone + pip install which is typical for deployment tools.
Skill name: ai-intelligent-expense-management
Analysis time: 47.0s
Engine: pi
Can be installed
No immediate security concern since no code exists; if code is added later, ensure it does not exfiltrate data or access credentials.

Security findings: 2

Severity · Finding · Location
Low
No allowed-tools declaration · Documentation deception
SKILL.md does not declare allowed-tools mapping, though this is not critical since no executable code exists in this skill.
---
→ If code is added in future, explicitly declare allowed-tools per the pi skill specification.
SKILL.md:1
Info
Installation references external repository · Supply chain
The installation instructions clone from github.com/openclaw-skills/ai-intelligent-expense-management and pip install requirements.txt. This is standard deployment practice but requires trust in external repository.
git clone https://github.com/openclaw-skills/ai-intelligent-expense-management
→ Verify the external repository contents before cloning if concerned about supply chain.
SKILL.md:22
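Resource type · Declared permission · Inferred permission · Status · Evidence
File system NONE NONE No code present to verify
Network access NONE NONE No code present to verify
Command execution NONE NONE No code present to verify
Environment variables NONE NONE No code present to verify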

Directory structure

2 files · 1.3 KB · 62 lines
Markdown 1f · 51L JSON 1f · 11L
├─ 📋 skill.json JSON 11L · 318 B
└─ 📝 SKILL.md Markdown 51L · 991 B

Security highlights

✓ No malicious code present - skill is documentation-only
✓ No credential harvesting detected
✓ No network exfiltration observed
✓ No obfuscation or base64-encoded payloads
✓ No suspicious file paths accessed (no code to access anything)