扫描报告
5 /100
daily-idiom
每日成语学习 — Daily Chinese idiom learning with story, usage, examples, and quiz
A legitimate daily Chinese idiom learning skill with no malicious behavior detected.
可以安装
This skill is safe to use. The implementation is straightforward educational content generation with push notification management.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Dependencies not version pinned | package.json:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | WRITE | ✓ 一致 | SKILL.md declares node runtime; scripts read/write to data/users/ for user prefe… |
| 网络访问 | NONE | NONE | — | No network access in any scripts |
| 命令执行 | READ | READ | ✓ 一致 | Only documented node script invocations |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
1 项发现
中危 外部 URL 外部 URL
https://openclaw.ai README.md:5 目录结构
7 文件 · 9.8 KB · 214 行 Markdown 2f · 114L
JavaScript 3f · 85L
JSON 2f · 15L
├─
▾
scripts
│ ├─
evening-push.js
JavaScript
│ ├─
morning-push.js
JavaScript
│ └─
push-toggle.js
JavaScript
├─
_meta.json
JSON
├─
package.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
(built-in only) | N/A | Node.js stdlib | 否 | Uses only built-in modules: fs, path |
安全亮点
✓ Path traversal protection implemented via safeUserPath() function with directory boundary checks
✓ Input validation on userId using strict regex pattern /^[a-zA-Z0-9_-]{1,128}$/
✓ Time sanitization prevents invalid cron expressions
✓ No credential harvesting or exfiltration
✓ No base64, eval(), or dynamic code execution
✓ No external network connections or IP addresses
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution
✓ Uses only built-in Node.js modules (fs, path)
✓ Clear documentation of functionality in SKILL.md