Low risk: risk score 10/100
Last scanned: 1 day ago
git-monitor
Git project monitoring tool that supports GitHub, GitLab, Gitee, and all other Git platforms
Git project monitoring tool with legitimate functionality. Shell execution via execSync and Feishu API access are necessary and appropriate for the stated features.
Skill name: git-monitor
Analysis time: 45.7s
Engine: pi
OK to install
This skill is safe to use. No action required. The shell execution via execSync and Feishu integration are documented behaviors required for Git monitoring functionality.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | SKILL.md declares Git operations; helper.js creates config.json at line 50 and c… |
| Command execution | WRITE | WRITE | ✓ Consistent | helper.js:257-290 uses execSync for git clone/fetch/reset; necessary for Git mon… |
| Network access | READ | READ | ✓ Consistent | SKILL.md declares GitHub/GitLab/Gitee support; helper.js:105,118 connects to Fei… |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md documents FEISHU_APP_ID/SECRET/CHAT_ID env vars; helper.js:59-61 reads … |
| Skill invocation | READ | READ | ✓ Consistent | SKILL.md declares triggers for monitoring operations |
7 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://gitee.com/mindspore/mindspore | README.md:27 |
| Medium | External URL | https://open.feishu.cn/ | README.md:64 |
| Medium | External URL | https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal | helper.js:105 |
| Medium | External URL | https://open.feishu.cn/open-apis/im/v1/messages | helper.js:118 |
| Medium | External URL | https://gitlab.com | helper.js:191 |
| Medium | External URL | https://gitee.com | helper.js:192 |
| Medium | External URL | https://gitee.com/owner/repo | helper.js:579 |

Directory structure

8 files · 28.1 KB · 1025 lines
JavaScript 1f · 694L Markdown 2f · 193L Shell 1f · 87L JSON 4f · 51L
├─ 📋 _meta.json JSON 5L · 130 B
├─ 🔑 config.json JSON 31L · 1.0 KB
├─ 📋 config.local.json JSON 9L · 340 B
├─ 📜 helper.js JavaScript 694L · 20.4 KB
├─ 🔧 monitor.sh Shell 87L · 1.9 KB
├─ 📋 package.json JSON 6L · 115 B
├─ 📝 README.md Markdown 64L · 1.1 KB
└─ 📝 SKILL.md Markdown 129L · 3.2 KB

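Dependency analysis: 4 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| fs | built-in | Node.js | | Standard Node.js filesystem module |
| path | built-in | Node.js | | Standard Node.js path module |
| os | built-in | Node.js | | Standard Node.js os module |
| child_process | built-in | Node.js | | Standard Node.js module for git operations |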

Security highlights

✓ No malicious code patterns (base64, eval, obfuscation)
✓ No credential harvesting beyond Feishu tokens used for notifications
✓ No reverse shells, C2, or data exfiltration
✓ All network connections are to documented, legitimate APIs (GitHub/GitLab/Gitee/Feishu)
✓ Git operations are necessary and appropriate for the stated Git monitoring functionality
✓ Repositories stored in standard user-workspace directory (~/.openclaw/workspace/repos/)
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No remote script execution (curl|bash, wget|sh)
✓ Clean code structure with no hidden functionality