扫描报告
15 /100
ClawLine Setup
通过对话一键安装并配置 ClawLine 手机 App 与 OpenClaw 的连接
ClawLine Setup skill is a configuration-only skill with no executable code present; documentation declares reasonable plugin/config management behavior but lacks implementation files to verify claims.
可以安装
Verify actual implementation exists in the npm package @openclawline/clawline-setup before trusting with production systems. Review the npm package source code for any shell execution or credential access.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Documentation claims without implementation 文档欺骗 | SKILL.md |
| 提示 | External npm package dependency 供应链 | SKILL.md:50 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | UNKNOWN | ✓ 一致 | SKILL.md claims config file writes but no code to verify |
| 命令执行 | NONE | UNKNOWN | ✓ 一致 | SKILL.md mentions 'openclaw plugins install' command but no implementation |
| 网络访问 | NONE | UNKNOWN | ✓ 一致 | References external URLs but no explicit code |
| 环境变量 | NONE | NONE | — | No environment access detected |
2 项发现
中危 外部 URL 外部 URL
https://openclawline.com SKILL.md:52 中危 外部 URL 外部 URL
https://www.npmjs.com/package/@openclawline/clawline-setup SKILL.md:53 目录结构
3 文件 · 2.0 KB · 61 行 Markdown 1f · 53L
Text 2f · 8L
├─
install.txt
Text
├─
SKILL.md
Markdown
└─
triggers.txt
Text
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@openclawline/clawline-setup | unknown | npm | 否 | No package.json in skill; dependency comes from referenced npm package |
安全亮点
✓ No executable code files present to analyze, reducing immediate attack surface
✓ No environment variable access detected
✓ No sensitive file access patterns observed
✓ No obfuscated code, base64 payloads, or suspicious execution patterns
✓ External URLs are legitimate service references (GitHub, npm, app website)