Scan Report
0 /100
daily-reflect
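Daily journal guide: provides one in-depth journal topic each day, with guided writing in the morning and review and reflection in the evening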
Daily journal prompt generator with solid input sanitization and no security issues - all file access is constrained to a safe user data directory with path traversal protection.
Safe to install
Skill is safe to use. Consider documenting allowed-tools explicitly in SKILL.md for completeness.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | Scripts only access data/users/ directory with path traversal protection |
| Network | NONE | NONE | — | No network calls observed in any script |
1 finding
Medium: External URL
https://openclaw.ai README.md:5
File Tree
7 files · 10.0 KB · 204 lines
Markdown 2f · 104L
JavaScript 3f · 85L
JSON 2f · 15L
├─ scripts
│ ├─ evening-push.js (JavaScript)
│ ├─ morning-push.js (JavaScript)
│ └─ push-toggle.js (JavaScript)
├─ _meta.json (JSON)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ Robust input sanitization: userId validated with regex /^[a-zA-Z0-9_-]{1,128}$/
✓ Path traversal protection: safeUserPath() ensures all file operations stay within data/users/ directory
✓ Time validation for cron expressions prevents malformed input
✓ Channel whitelist: ALLOWED_CH Set restricts to telegram/feishu/slack/discord only
✓ No shell execution or child_process usage
✓ No credential harvesting or environment variable access
✓ No network requests or external IP communications
✓ No eval(), atob(), or dynamic code execution