扫描报告
5 /100
cwd-guardian
Monitors and restores the evolver process working directory to prevent uv_cwd ENOENT crashes
This is a lightweight daemon watchdog skill that safely monitors and restores the evolver process working directory using local filesystem operations and process checks.
可以安装
No action needed. The skill implements its documented purpose with minimal attack surface.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | index.js:24-26 writes to GUARDIAN_DIR, SKILL.md declares 'Records current workin… |
| 命令执行 | READ | READ | ✓ 一致 | index.js:51 uses execSync('pgrep -f ...') for status check only |
| 网络访问 | NONE | NONE | — | No network requests in codebase |
| 环境变量 | NONE | NONE | — | No os.environ access or credential harvesting |
目录结构
3 文件 · 3.8 KB · 132 行 JavaScript 1f · 98L
Markdown 1f · 24L
JSON 1f · 10L
├─
index.js
JavaScript
├─
package.json
JSON
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
node (standard library only) | N/A | bundled | 否 | Uses only fs, path, child_process from Node.js stdlib |
安全亮点
✓ No network requests - fully local operation
✓ No credential or sensitive data access
✓ Filesystem operations scoped to designated workspace path (~/.openclaw/workspace)
✓ Shell execution limited to read-only process status check (pgrep)
✓ No base64, eval, or dynamic code execution
✓ No remote script execution (curl|bash, wget|sh)
✓ Simple, auditable codebase with single responsibility
✓ Dependencies: only Node.js standard library (fs, path, child_process)