扫描报告
5 /100
vscode-copilot
Bridge between OpenClaw and VS Code Copilot — dispatch coding tasks from any OpenClaw channel to VS Code for execution.
A minimal single-file SKILL.md bridge that uses curl to dispatch coding tasks to a local VS Code Copilot extension via localhost HTTP. No scripts, no dependencies, no external traffic, and no sensitive access — behavior is fully declared and transparent.
可以安装
No action required. The skill is safe to use as documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in SKILL.md |
| 网络访问 | READ | READ | ✓ 一致 | curl POSTs JSON to localhost:19836 — line 28-31 SKILL.md |
| 命令执行 | WRITE | WRITE | ✓ 一致 | Uses curl commands to send HTTP requests — lines 24-34 SKILL.md |
| 环境变量 | NONE | NONE | — | No environment variable access declared or observed |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
1 项发现
中危 外部 URL 外部 URL
https://marketplace.visualstudio.com/items?itemName=wodeapp.openclaw-chat SKILL.md:5 目录结构
1 文件 · 3.3 KB · 92 行 Markdown 1f · 92L
└─
SKILL.md
Markdown
安全亮点
✓ Single-file skill with no executable scripts or binaries — zero supply-chain risk
✓ All network traffic is strictly localhost (127.0.0.1:19836), no external data exfiltration
✓ SKILL.md fully documents all behavior including endpoints, data sent, and security model
✓ No credential harvesting, no environment variable access, no sensitive file paths touched
✓ No obfuscation, no base64, no eval — pure curl/HTTP documented behavior
✓ No dependencies (no package.json, requirements.txt, etc.)
✓ No data leaves the machine — Copilot processes requests through GitHub's standard API
✓ Verified marketplace extension (wodeapp.openclaw-chat) — no typosquatting or spoofing signals