Low risk — risk score 15/100
Last scanned: 1 day ago
haos-ssh-maintenance
Use when Home Assistant OS needs SSH-based maintenance that cannot be completed cleanly through the Home Assistant API alone.
Pure documentation skill for HAOS SSH maintenance with no executable code, properly declared permissions, and appropriate boundary controls.
Skill name: haos-ssh-maintenance
Analysis time: 33.7s
Engine: pi
Can be installed
This skill is a documentation-only guide. No executable code is present. Ensure any SSH access targets are properly secured and an audit trail is maintained for configuration changes.

Security findings: 2

Severity: Low
Finding: Broad .storage edit policy (privilege escalation)
Location: SKILL.md:96
The .storage direct-edit policy mentions editing core.config_entries without specific safeguards beyond 'last resort' framing. Editing critical configuration entries like device_registry could have wide-ranging effects.
- /config/.storage/core.config_entries
→ Add explicit safeguards: require user confirmation for core.config_entries, core.device_registry, and core.entity_registry edits. Suggest backup and rollback procedures before any .storage modification.

Severity: Low
Finding: Interactive SSH shell access without specific constraints (sensitive access)
Location: SKILL.md:59
Interactive PTY-backed SSH sessions provide shell access that could execute arbitrary commands beyond documented ha CLI usage.
- When running from OpenClaw, prefer a PTY-backed exec session and then send commands into the live SSH shell.
→ Clarify the command scope for interactive SSH. While the skill focuses on ha CLI, PTY sessions technically allow arbitrary shell commands not bounded by documentation.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | WRITE | WRITE | ✓ Consistent | SKILL.md mentions editing YAML files under /config, custom_components, .storage … |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md describes one-shot and interactive SSH modes for ha CLI and file operat… |
| Network access | READ | READ | ✓ Consistent | SKILL.md mentions API logbook/history access, Home Assistant UI logs |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md mentions 'environment inspection' for one-shot SSH |
| Skill invocation | NONE | NONE | | No skill invocation capability used or declared |
| Clipboard | NONE | NONE | | No clipboard access mentioned or used |
| Browser | NONE | NONE | | No browser automation mentioned |
| Database | READ | READ | ✓ Consistent | SKILL.md mentions /config/home-assistant_v2.db as a read target |

Directory structure

1 file · 5.5 KB · 165 lines
Markdown 1f · 165L
└─ 📝 SKILL.md Markdown 165L · 5.5 KB

Security highlights

✓ No executable code present - this is a pure documentation skill
✓ All declared capabilities are appropriate and documented
✓ Good security posture: 'Read before editing', 'smallest possible region', 'Ask before changing behavior that affects locks, alarms, access control'
✓ API-first approach explicitly recommended before falling back to SSH
✓ Safety guidelines for physical-entry-affecting systems included
✓ Clear distinction between one-shot and interactive SSH modes
✓ Reporting requirements ensure audit trail for configuration changes
✓ No obfuscation, no base64, no suspicious patterns detected
✓ No credential harvesting, no data exfiltration, no external network calls