network-device-scanner 安全扫描报告 — 可信 | ClawSafe

5 /100

network-device-scanner

扫描局域网内活跃设备及其开放端口，返回格式化Markdown表格

A legitimate network device scanner skill that performs local LAN scanning using standard tools (arp, ping, socket connections) with all capabilities properly declared in documentation.

技能名称network-device-scanner

分析耗时59.6s

引擎pi

✓

可以安装

Skill is safe to use. No security concerns identified.

安全发现 1 项

严重性	安全发现	位置
低危	Hardcoded network range Script uses a hardcoded 172.16.10.0/24 network range rather than dynamically detecting the current LAN subnet. This limits portability but does not pose a security risk. `NETWORK = "172.16.10.0/24"` → Consider using ipcalc or reading the local network configuration to dynamically determine the subnet.	`scripts/scan.py:18`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	scan.py:48-57 reads /proc/net/arp
网络访问	`READ_WRITE`	`READ_WRITE`	✓ 一致	scan.py:111-116 socket port scanning
命令执行	`WRITE`	`WRITE`	✓ 一致	scan.py:33-34 subprocess arp/fping commands
环境变量	`NONE`	`READ`	✓ 一致	scan.py:158 reads SCAN_EXTRA_IPS env var

目录结构

4 文件 · 17.0 KB · 585 行

Python 1f · 294L JavaScript 1f · 224L Markdown 1f · 61L Text 1f · 6L

├─ ▾ 📁 scripts

│ ├─ 📜 scan.cjs JavaScript 224L · 5.9 KB

│ └─ 🐍 scan.py Python 294L · 8.8 KB

├─ 📄 result.txt Text 6L · 301 B

└─ 📝 SKILL.md Markdown 61L · 2.0 KB

安全亮点

✓ All shell commands (arp, fping, nmap, ping) are declared in SKILL.md

✓ No credential harvesting or sensitive file access

✓ No data exfiltration to external IPs

✓ No base64/eval/atob code execution patterns

✓ Port scanning is limited to predefined common ports (21,22,23,53,80,135,139,443,445,554,8000,8080,8443,9000,37777)

✓ Network operations scoped to local subnet only

✓ Python and JS implementations are consistent in behavior

✓ Timeout protection on all subprocess calls