git-monitor Security Report — Low Risk | ClawSafe

10 /100

git-monitor

Git 项目监控工具，支持 GitHub、GitLab、Gitee 等所有 Git 平台

Git project monitoring tool with legitimate functionality. Shell execution via execSync and Feishu API access are necessary and appropriate for the stated features.

Skill Namegit-monitor

Duration45.7s

Enginepi

✓

Safe to install

This skill is safe to use. No action required. The shell execution via execSync and Feishu integration are documented behaviors required for Git monitoring functionality.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares Git operations; helper.js creates config.json at line 50 and c…
Shell	`WRITE`	`WRITE`	✓ Aligned	helper.js:257-290 uses execSync for git clone/fetch/reset; necessary for Git mon…
Network	`READ`	`READ`	✓ Aligned	SKILL.md declares GitHub/GitLab/Gitee support; helper.js:105,118 connects to Fei…
Environment	`READ`	`READ`	✓ Aligned	SKILL.md documents FEISHU_APP_ID/SECRET/CHAT_ID env vars; helper.js:59-61 reads …
Skill Invoke	`READ`	`READ`	✓ Aligned	SKILL.md declares triggers for monitoring operations

7 findings

🔗

Medium External URL 外部 URL

https://gitee.com/mindspore/mindspore

README.md:27

🔗

Medium External URL 外部 URL

https://open.feishu.cn/

README.md:64

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

helper.js:105

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/im/v1/messages

helper.js:118

🔗

Medium External URL 外部 URL

https://gitlab.com

helper.js:191

🔗

Medium External URL 外部 URL

https://gitee.com

helper.js:192

🔗

Medium External URL 外部 URL

https://gitee.com/owner/repo

helper.js:579

File Tree

8 files · 28.1 KB · 1025 lines

JavaScript 1f · 694L Markdown 2f · 193L Shell 1f · 87L JSON 4f · 51L

├─ 📋 _meta.json JSON 5L · 130 B

├─ 🔑 config.json ⚠ JSON 31L · 1.0 KB

├─ 📋 config.local.json JSON 9L · 340 B

├─ 📜 helper.js JavaScript 694L · 20.4 KB

├─ 🔧 monitor.sh Shell 87L · 1.9 KB

├─ 📋 package.json JSON 6L · 115 B

├─ 📝 README.md Markdown 64L · 1.1 KB

└─ 📝 SKILL.md Markdown 129L · 3.2 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`fs`	`built-in`	Node.js	No	Standard Node.js filesystem module
`path`	`built-in`	Node.js	No	Standard Node.js path module
`os`	`built-in`	Node.js	No	Standard Node.js os module
`child_process`	`built-in`	Node.js	No	Standard Node.js module for git operations

Security Positives

✓ No malicious code patterns (base64, eval, obfuscation)

✓ No credential harvesting beyond Feishu tokens used for notifications

✓ No reverse shells, C2, or data exfiltration

✓ All network connections are to documented, legitimate APIs (GitHub/GitLab/Gitee/Feishu)

✓ Git operations are necessary and appropriate for the stated Git monitoring functionality

✓ Repositories stored in standard user-workspace directory (~/.openclaw/workspace/repos/)

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env

✓ No remote script execution (curl|bash, wget|sh)

✓ Clean code structure with no hidden functionality

Scan Report

File Tree

Dependencies 4 items

Security Positives