中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:19 小时前 重新扫描
5 /100
daily-review-helper
定时回顾更新助手。定时(中午 12 点、晚上 23:50)自动回顾今日工作,查漏补缺,更新记忆和知识库。
This is a legitimate daily review helper skill that performs scheduled workspace analysis, memory updates, and git operations as documented in SKILL.md. No malicious behavior detected.
技能名称daily-review-helper
分析耗时37.9s
引擎pi
可以安装
This skill is safe to use. The implementation matches the documentation. No security concerns require action.
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md:29 '更新 MEMORY.md'; scripts/memory-updater.sh:60-90 creates/writes memor…
命令执行 WRITE WRITE ✓ 一致 SKILL.md:23 'Crontab 自动触发'; scripts/install.sh:40-50 modifies crontab
网络访问 NONE NONE No network requests found in any script
环境变量 NONE NONE Only uses WORKSPACE env var, no credential access
技能调用 NONE NONE No skill_invoke usage
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser access
数据库 NONE NONE No database access
1 项发现
🔗
中危 外部 URL 外部 URL
https://clawhub.com/skills/daily-review-helper
package.json:25

目录结构

11 文件 · 42.0 KB · 1364 行
Shell 6f · 1036L Markdown 2f · 250L JSON 3f · 78L
├─ 📁 config
│ └─ 🔑 config.json JSON 15L · 314 B
├─ 📁 scripts
│ ├─ 📁 config
│ │ └─ 🔑 config.json JSON 15L · 339 B
│ ├─ 🔧 gap-analyzer.sh Shell 222L · 6.8 KB
│ ├─ 🔧 install.sh Shell 97L · 4.3 KB
│ ├─ 🔧 knowledge-updater.sh Shell 172L · 5.5 KB
│ ├─ 🔧 memory-updater.sh Shell 183L · 4.9 KB
│ └─ 🔧 uninstall.sh Shell 66L · 3.0 KB
├─ 📋 package.json JSON 48L · 1.3 KB
├─ 📝 README.md Markdown 116L · 2.7 KB
├─ 📝 SKILL.md Markdown 134L · 3.4 KB
└─ 🔧 skill.sh Shell 296L · 9.4 KB

依赖分析 2 项

包名版本来源已知漏洞备注
git any system Required for git operations, declared in SKILL.md
crontab any system Required for scheduling, declared in SKILL.md

安全亮点

✓ Documentation fully matches implementation - all declared features are present
✓ No credential harvesting or sensitive file access (no ~/.ssh, ~/.aws, .env access)
✓ No data exfiltration or external network requests detected
✓ No obfuscation techniques (no base64, eval, or suspicious encoding)
✓ No reverse shell, C2, or remote execution payloads
✓ Crontab and git operations are explicitly documented in SKILL.md
✓ Uses version pinning where applicable (openclaw: >=1.0.0 in package.json)
✓ Clean, well-structured bash scripts with proper error handling (set -e)
✓ MIT licensed with clear attribution to 思捷娅科技 (SJYKJ)