subagent-spawn-command-builder 安全扫描报告 — 可信 | ClawSafe

0 /100

subagent-spawn-command-builder

Build sessions_spawn command payloads from JSON profiles

This is a simple, benign payload builder script for sessions_spawn that only parses CLI arguments, validates inputs, writes logs to a local file, and outputs JSON. No malicious behavior detected.

技能名称subagent-spawn-command-builder

分析耗时21.8s

引擎pi

✓

可以安装

No action needed. The skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✓ 一致	fs.appendFileSync writes to state/build-log.jsonl (line 96), fs.mkdirSync create…
网络访问	`NONE`	`NONE`	—	No network requests in code
命令执行	`NONE`	`NONE`	—	No shell execution, no subprocess
环境变量	`NONE`	`NONE`	—	No access to process.env

目录结构

3 文件 · 8.6 KB · 274 行

Markdown 2f · 144L JavaScript 1f · 130L

├─ ▾ 📁 scripts

│ └─ 📜 build_spawn_payload.mjs JavaScript 130L · 4.0 KB

├─ 📝 README.md Markdown 78L · 2.6 KB

└─ 📝 SKILL.md Markdown 66L · 2.1 KB

安全亮点

✓ Documentation accurately describes functionality (builds payload JSON only, does not execute sessions_spawn)

✓ No shell or subprocess execution

✓ No network requests or external connections

✓ No credential harvesting or sensitive file access

✓ No obfuscation techniques (no eval, no base64, no dynamic code execution)

✓ Input validation present for cleanup and mode parameters

✓ Uses standard Node.js fs API only for local logging