Low risk (risk score 20/100)
Last scan: 1 day ago
context-monitor
Hook that monitors context usage and auto-compresses old session memories when usage exceeds threshold
A legitimate context management hook that compresses old session memories, with minor documentation gaps around shell execution disclosure.
Skill name: context-monitor
Analysis time: 40.5s
Engine: pi
Verdict: OK to install
Recommendation: Add an explicit declaration of the git subprocess usage to the SKILL.md frontmatter and make the skill name consistent across files.

Security findings (3)

Severity | Finding | Location

Medium | Undeclared shell execution via execSync [documentation deception] | handler.ts:130
handler.ts uses child_process.execSync to run 'git add' and 'git commit' commands, but _meta.json only declares 'node' and 'git' as required bins and does not note the shell-execution capability.
Evidence: execSync(`cd ${workspaceDir} && git add -A`, { stdio: 'pipe' });
→ Add 'shell:WRITE' to the declared capabilities in _meta.json if the framework supports it, or document the git execution in the SKILL.md features section.

Low | Inconsistent skill naming across files [documentation deception] | SKILL.md:2
SKILL.md declares name='context-shrink' while _meta.json and HOOK.md both use 'context-monitor', leaving the skill's actual identity ambiguous.
Evidence: name: context-shrink
→ Standardize the skill name to 'context-monitor' across all metadata files.

Low | Hardcoded remote model reference [documentation deception] | handler.ts:25
COMPRESSION_MODEL references 'ollama-remote/qwen2.5:0.5b', but this external dependency is not declared in SKILL.md or _meta.json. The 'ollama-remote/' prefix names a remote inference target while the permission table below records no direct network access in handler.ts, so an installer should confirm where session memory is sent for compression.
Evidence: const COMPRESSION_MODEL = 'ollama-remote/qwen2.5:0.5b';
→ Document the compression model dependency in the SKILL.md Configuration section.
Resource type | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✓ consistent | handler.ts:119 - fs.writeFileSync
Filesystem | NONE | READ | ✓ consistent | handler.ts:98 - fs.readFileSync
Command execution | NONE | WRITE | ✓ consistent | handler.ts:130-132 - execSync git commands
Environment variables | NONE | READ | ✓ consistent | handler.ts:43 - process.env.HOME
Network access | NONE | NONE | N/A | no network access
Clipboard | NONE | NONE | N/A |
Browser | NONE | NONE | N/A |
Database | NONE | NONE | N/A |
Skill invocation | NONE | NONE | N/A |

"Declared" is NONE throughout because _meta.json declares required bins ('node', 'git') but no capabilities; the inferred WRITE on command execution is the gap behind the medium finding above.

Directory structure

4 files · 11.3 KB · 362 lines
TypeScript: 1 file · 188 lines; Markdown: 2 files · 155 lines; JSON: 1 file · 19 lines
├─ 📜 handler.ts TypeScript 188L · 7.3 KB
├─ 📝 HOOK.md Markdown 119L · 2.7 KB
├─ 📋 package.json JSON 19L · 380 B
└─ 📝 SKILL.md Markdown 36L · 930 B

Note: _meta.json, which the findings and the dependency table cite, is not among the four listed files.

Dependency analysis (2)

Package | Version | Source | Known vulnerabilities | Notes
node (system) | N/A | system binary | | Required runtime, declared in _meta.json
git (system) | N/A | system binary | | Required for commit operations, declared in _meta.json

Security highlights

✓ No credential theft: does not enumerate process.env (only process.env.HOME is read, handler.ts:43) and does not access ~/.ssh, ~/.aws or .env files
✓ No network exfiltration: makes no outbound HTTP requests or data POSTs
✓ No obfuscation: code is readable TypeScript with clear logic flow
✓ Git operations are scoped to workspaceDir only, limiting blast radius
✓ execSync is called with stdio: 'pipe', so the child's output is captured rather than inherited. Caveat: that option does not prevent command injection. The command at handler.ts:130 is assembled by interpolating workspaceDir into a shell string, so the call is only as safe as the source of workspaceDir; an execFileSync call with an argument array and the cwd option would keep the shell out of the path entirely.
✓ Filesystem writes are limited to MEMORY.md in the workspace, not system paths
✓ No reverse shell, C2, or reverse engineering indicators detected
✓ Legitimate use case: context management is a valid hook functionality
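The execSync call quoted in the medium finding splices workspaceDir into a shell string, and the stdio option mentioned in the highlights does not change that. The TypeScript below is an added example, not code from the hook, contrasting that pattern with an execFileSync call that passes an argument array and the cwd option. It assumes a POSIX shell, uses the node binary (process.execPath) printing "done" as a stand-in for git so it runs without a repository, and HOSTILE_DIR is a constructed path containing shell metacharacters, not a value observed in the skill.

```typescript
import { execSync, execFileSync } from 'node:child_process';

// Constructed input: a "workspace" path carrying shell metacharacters. It is a
// hypothetical value for the demonstration, not a path the hook was seen to use.
export const HOSTILE_DIR = '/; echo INJECTED';

// Same shape as handler.ts:130, with `echo done` standing in for `git add -A`.
// The template string is handed to /bin/sh, so anything in `dir` is parsed as
// shell syntax. `stdio: 'pipe'` only captures stdout/stderr; it has no effect
// on that parsing.
export function runViaShell(dir: string): string {
  return execSync(`cd ${dir} && echo done`, { stdio: 'pipe' }).toString();
}

// Hardened form: no shell is involved. The child receives an argv array and the
// working directory through `cwd`, so `dir` is only ever used as a path. The
// node binary prints "done" in place of git. Returns null if the spawn fails.
export function runWithoutShell(dir: string): string | null {
  try {
    return execFileSync(process.execPath, ['-e', 'process.stdout.write("done")'], {
      cwd: dir,
      stdio: 'pipe',
      encoding: 'utf8',
    });
  } catch {
    // e.g. ENOENT: the literal directory "/; echo INJECTED" does not exist,
    // and nothing after the ';' was ever interpreted as a command.
    return null;
  }
}

// The same shape applied to the hook's two git calls (not executed here; it
// needs a repository in workspaceDir). The commit message is passed as its own
// argv element, so quotes or '$(...)' inside it are inert as well.
export function commitMemory(workspaceDir: string, message: string): void {
  const opts = { cwd: workspaceDir, stdio: 'pipe' as const };
  execFileSync('git', ['add', '-A'], opts);
  execFileSync('git', ['commit', '-m', message], opts);
}

export function demo(): void {
  console.log(JSON.stringify(runViaShell(HOSTILE_DIR)));     // "INJECTED\ndone\n": the injected command ran
  console.log(JSON.stringify(runWithoutShell(HOSTILE_DIR)));  // null: no such directory, nothing executed
  console.log(JSON.stringify(runWithoutShell('/')));           // "done"
}

demo();
```

The point of the contrast is that the argv form fails closed: a directory name that is not a real directory produces a spawn error, whereas the shell form silently runs whatever follows the metacharacter. Validating that workspaceDir is an absolute, existing directory is still worthwhile, but it is a second line of defence rather than the fix.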