Scan Report
15/100
Claude Code Enhancement
Multi-agent coordination framework for OpenClaw with memory, permission, workflow, and agent management capabilities
This is a legitimate multi-agent coordination framework with no malicious behavior. The skill implements Coordinator, Memory, Permission, Workflow, and Agent management without any suspicious file operations, network calls, credential harvesting, or hidden functionality.
Safe to install
The skill is safe to use. Minor documentation gaps exist (e.g., BYPASS permission mode mentioned in docs but not fully implemented), but these do not constitute security risks.
Security findings: 3
| Severity | Finding | Location |
|---|---|---|
| Low | Unnecessary subprocess import | coordinator/coordinator.py:9 |
| Low | Documentation scope mismatch | permission/permission.py:60 |
| Info | Memory directory auto-creation | memory/memory.py:26 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Consistent | memory.py writes to ~/.openclaw/workspace/memory/ for user preferences |
| Network access | NONE | NONE | — | No network operations found |
| Command execution | NONE | NONE | — | subprocess imported but never invoked |
| Environment variables | NONE | NONE | — | No os.environ access for credential harvesting |
| Skill invocation | NONE | NONE | — | Internal module orchestration only |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
13 findings
| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://img.shields.io/badge/OpenClaw-增强组件-blue?style=for-the-badge&logo=rocket | README.md:4 |
| Medium | External URL | https://img.shields.io/badge/Version-1.0.0-green?style=for-the-badge | README.md:5 |
| Medium | External URL | https://img.shields.io/badge/Python-3.12+-yellow?style=for-the-badge | README.md:6 |
| Medium | External URL | https://img.shields.io/badge/版本-1.0.0-green?style=for-the-badge | SKILL.md:5 |
| Medium | External URL | https://img.shields.io/badge/许可证-MIT-orange?style=for-the-badge | SKILL.md:7 |
| Medium | External URL | https://streak-stats.demolab.com?user=ntaffffff&theme=dark&hide_border=true | SKILL.md:18 |
| Medium | External URL | https://img.shields.io/badge/安全-企业级-red?style=for-the-badge | SKILL.md:74 |
| Medium | External URL | https://img.shields.io/badge/记忆-永久保存-blue?style=for-the-badge | SKILL.md:110 |
| Medium | External URL | https://img.shields.io/badge/进度-可视化-green?style=for-the-badge | SKILL.md:141 |
| Medium | External URL | https://contributors-img.web.app/image?repo=ntaffffff/openclaw-claude-code-enhancement | SKILL.md:287 |
| Medium | External URL | https://img.shields.io/badge/许可证-MIT-blue?style=for-the-badge | SKILL.md:307 |
| Medium | External URL | https://img.shields.io/github/stars/ntaffffff/openclaw-claude-code-enhancement?style=social | SKILL.md:320 |
| Medium | External URL | https://img.shields.io/github/forks/ntaffffff/openclaw-claude-code-enhancement?style=social | SKILL.md:323 |

Directory structure
9 files · 75.4 KB · 2499 lines
Python: 7 files · 1903 lines
Markdown: 2 files · 596 lines

├─ agent
│  └─ agent_tool.py (Python)
├─ coordinator
│  └─ coordinator.py (Python)
├─ memory
│  └─ memory.py (Python)
├─ permission
│  └─ permission.py (Python)
├─ workflow
│  └─ workflow.py (Python)
├─ main.py (Python)
├─ nlp_parser.py (Python)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)

Dependency analysis: 4 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| json | builtin | stdlib | No | Standard library only |
| uuid | builtin | stdlib | No | Standard library only |
| asyncio | builtin | stdlib | No | Standard library only |
| pathlib | builtin | stdlib | No | Standard library only |

Security highlights
✓ No credential harvesting - no access to ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No network exfiltration - no external IP connections or data transmission
✓ No shell execution - subprocess imported but never called
✓ No base64/eval obfuscation - all code is readable plaintext
✓ No hidden instructions in HTML comments or elsewhere
✓ No curl|bash or wget|sh remote script execution
✓ No data theft patterns (iterating os.environ for keys)
✓ Filesystem writes are limited to user preference storage (~/.openclaw/workspace/memory/)
✓ No suspicious GitHub URLs pointing to credential harvesting repos