Scan Report
5 /100
cwd-guardian
Monitors and restores the evolver process working directory to prevent uv_cwd ENOENT crashes
This is a lightweight daemon watchdog skill that safely monitors and restores the evolver process working directory using local filesystem operations and process checks.
Safe to install
No action needed. The skill implements its documented purpose with minimal attack surface.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | index.js:24-26 writes to GUARDIAN_DIR, SKILL.md declares 'Records current workin… |
| Shell | READ | READ | ✓ Aligned | index.js:51 uses execSync('pgrep -f ...') for status check only |
| Network | NONE | NONE | — | No network requests in codebase |
| Environment | NONE | NONE | — | No os.environ access or credential harvesting |
File Tree
3 files · 3.8 KB · 132 lines JavaScript 1f · 98L
Markdown 1f · 24L
JSON 1f · 10L
├─
index.js
JavaScript
├─
package.json
JSON
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
node (standard library only) | N/A | bundled | No | Uses only fs, path, child_process from Node.js stdlib |
Security Positives
✓ No network requests - fully local operation
✓ No credential or sensitive data access
✓ Filesystem operations scoped to designated workspace path (~/.openclaw/workspace)
✓ Shell execution limited to read-only process status check (pgrep)
✓ No base64, eval, or dynamic code execution
✓ No remote script execution (curl|bash, wget|sh)
✓ Simple, auditable codebase with single responsibility
✓ Dependencies: only Node.js standard library (fs, path, child_process)