Trusted: risk score 0/100
Last scanned: 1 day ago
wip-repo-permissions-hook
Repo visibility guard. Blocks repos from going public without a -private counterpart.
Repo visibility guard that safely uses gh CLI to check GitHub repo visibility. All capabilities are declared, no sensitive access, no credential harvesting, no obfuscation.
Skill name: wip-repo-permissions-hook
Analysis time: 29.1s
Engine: pi
OK to install
No action needed. This skill is safe to use as documented.
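| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | cli.js:7 reads own package.json for version flag |
| Command execution | WRITE | WRITE | ✓ Consistent | core.mjs:49-53 uses execFileSync('gh', ...) for GitHub API calls. Declared and n… |
| Network access | READ | READ | ✓ Consistent | gh CLI proxies all GitHub API requests. No direct IP/network access. |
| Environment variables | NONE | NONE | | No env var access. gh handles its own auth. |
| Skill invocation | NONE | NONE | | Standard tool invocation through MCP |
| Clipboard | NONE | NONE | | Not used |
| Browser | NONE | NONE | | Not used |
| Database | NONE | NONE | | Not used |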
8 findings

| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://img.shields.io/npm/v/@wipcomputer/wip-repo-permissions-hook | README.md:3 |
| Medium | External URL | https://www.npmjs.com/package/@wipcomputer/wip-repo-permissions-hook | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/interface-CLI_/_TUI-black | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/interface-MCP_Server-black | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/interface-OpenClaw_Plugin-black | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/interface-Claude_Code_Hook-black | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/interface-Claude_Code_Skill-black | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/Universal_Interface_Spec-black?style=flat&color=black | README.md:3 |

Directory structure

8 files · 17.2 KB · 569 lines
JavaScript 4f · 371L Markdown 2f · 159L JSON 2f · 39L
├─ 📜 cli.js JavaScript 93L · 2.8 KB
├─ 📜 core.mjs JavaScript 122L · 4.0 KB
├─ 📜 guard.mjs JavaScript 64L · 1.4 KB
├─ 📜 mcp-server.mjs JavaScript 92L · 2.7 KB
├─ 📋 openclaw.plugin.json JSON 8L · 269 B
├─ 📋 package.json JSON 31L · 703 B
├─ 📝 README.md Markdown 86L · 3.5 KB
└─ 📝 SKILL.md Markdown 73L · 1.8 KB

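Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| @modelcontextprotocol/sdk | ^1.0.0 | npm | | Version pinned with caret range. Standard MCP library. |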

Security highlights

✓ Only uses gh CLI - a standard, well-audited GitHub tool
✓ Delegates authentication to gh (no direct credential access)
✓ No sensitive file or path access
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No external URLs accessed (shields.io badges are static assets)
✓ No supply chain risks - MCP SDK is well-known and version-pinned
✓ Open source with clear MIT license
✓ Clean, readable code with no hidden functionality
✓ All declared capabilities match actual implementation