扫描报告
5 /100
file-sender
Find and send local files to a chat channel (Telegram, Discord, WhatsApp, Signal, Slack)
This is a legitimate file-sharing skill with well-documented read-only filesystem access, proper constraints against sending secrets, and no hidden or malicious behavior detected.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | scripts/send_file.py:48 os.access(resolved, os.R_OK) |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md documents find commands; scripts/send_file.py:55 subprocess.run() |
| 网络访问 | READ | READ | ✓ 一致 | Delegates to openclaw message send --media; no direct network calls in code |
| 环境变量 | NONE | NONE | — | No os.environ access detected |
| 技能调用 | NONE | EXECUTE | ✓ 一致 | Script calls openclaw CLI command |
目录结构
2 文件 · 5.8 KB · 157 行 Python 1f · 86L
Markdown 1f · 71L
├─
▾
scripts
│ └─
send_file.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ Clear documentation with explicit read-only constraints
✓ Explicit 'No secrets' policy against sending files with passwords, API keys, or tokens
✓ Size limit enforcement (50MB) prevents accidental large file transfers
✓ User confirmation requirement before sending files
✓ Permission checks before file access
✓ No credential harvesting or environment variable access
✓ Delegates to trusted openclaw CLI rather than making direct network calls
✓ Subprocess calls are documented and scoped to legitimate file-sending functionality
✓ No base64 encoding, eval, or other obfuscation techniques
✓ No downloads or external script execution