genealogy-agent 安全扫描报告 — 可信 | ClawSafe

0 /100

genealogy-agent

Extracts family history from raw text, builds a local knowledge graph, generates Mermaid trees, and exports to Obsidian format.

A legitimate genealogy research agent with properly declared file I/O and documented web search functionality. No malicious indicators detected.

技能名称genealogy-agent

分析耗时25.7s

引擎pi

✓

可以安装

This skill is safe for use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md line 13-17 declares file generation (graphs, vaults, exports)
网络访问	`READ`	`READ`	✓ 一致	SKILL.md line 10 declares 'Auto-Research' with web search; research.py uses duck…

目录结构

9 文件 · 27.0 KB · 695 行

Python 6f · 538L JSON 1f · 93L Markdown 2f · 64L

├─ ▾ 📁 scripts

│ ├─ 🐍 build_graph.py Python 51L · 1.9 KB

│ ├─ 🐍 export_gedcom.py Python 139L · 5.1 KB

│ ├─ 🐍 extract.py Python 52L · 2.1 KB

│ ├─ 🐍 generate_mermaid.py Python 59L · 2.0 KB

│ ├─ 🐍 generate_obsidian.py Python 112L · 3.5 KB

│ └─ 🐍 research.py Python 125L · 5.2 KB

├─ 📝 README.md Markdown 29L · 1.8 KB

├─ 📋 skill.json JSON 93L · 3.4 KB

└─ 📝 SKILL.md Markdown 35L · 2.1 KB

包名	版本	来源	已知漏洞	备注
`pydantic`	`*`	pip	否	Standard data validation
`litellm`	`*`	pip	否	LLM abstraction layer
`duckduckgo-search`	`*`	pip	否	Documented web search functionality

✓ All capabilities explicitly declared in SKILL.md (file generation, web research)

✓ No shell execution, subprocess, or eval() usage

✓ No credential harvesting or environment variable iteration for sensitive keys

✓ No base64 encoding/decoding or obfuscated payloads

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ Network access limited to documented DuckDuckGo search functionality

✓ Filesystem operations only for genealogy data (graphs, markdown, GEDCOM)

✓ Clean dependency set: litellm, pydantic, duckduckgo-search

✓ Standard CLI pattern with proper argument handling