中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
reviewlens
评论透镜 - 把海量商品评论压成结论卡,告诉你真实买家反复在夸什么、骂什么,谁适合买,谁容易踩坑
ReviewLens is a benign review-intelligence skill that analyzes Chinese e-commerce marketplace reviews into decision cards. The single shell script (publish.sh) is a standard clawhub CLI publishing utility with no malicious patterns.
技能名称reviewlens
分析耗时37.1s
引擎pi
可以安装
Approve for use. The skill performs only declared read-only review analysis with no hidden functionality.
资源类型声明权限推断权限状态证据
文件系统 NONE READ ✓ 一致 SKILL.md:288 — reads reference/*.md files for review heuristics
网络访问 NONE READ ✓ 一致 SKILL.md:296-300 — browser inspects public review tabs only
命令执行 NONE NONE scripts/publish.sh runs clawhub CLI for publishing, fully declared and documente…
环境变量 NONE NONE No environment variable access detected in any file
剪贴板 NONE NONE No clipboard access found
浏览器 READ READ ✓ 一致 SKILL.md:296-300 — browser workflow only for public review tab inspection
数据库 NONE NONE No database access found
技能调用 NONE NONE No inter-skill invocation found

目录结构

9 文件 · 26.1 KB · 823 行
Markdown 6f · 730L Shell 1f · 66L JSON 1f · 23L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 466 B
├─ 📁 references
│ ├─ 📝 example-prompts.md Markdown 41L · 1.3 KB
│ ├─ 📝 fit-mismatch.md Markdown 78L · 2.1 KB
│ ├─ 📝 review-signals.md Markdown 85L · 2.9 KB
│ └─ 📝 verdict-cards.md Markdown 68L · 1.9 KB
├─ 📁 scripts
│ └─ 🔧 publish.sh Shell 66L · 1.9 KB
├─ 📋 clawhub.json JSON 23L · 538 B
├─ 📝 RELEASE.md Markdown 133L · 3.1 KB
└─ 📝 SKILL.md Markdown 325L · 11.8 KB

安全亮点

✓ No credential harvesting — skill never accesses environment variables, SSH keys, AWS configs, or .env files
✓ No network exfiltration — no outbound data transfer beyond intended clawhub publish command
✓ No obfuscation — no base64, eval, atob, or anti-analysis patterns anywhere in the codebase
✓ No remote script execution — no curl|bash, wget|sh, or similar download-and-execute patterns
✓ Clear safety boundary — SKILL.md explicitly forbids login, posting reviews, or placing orders
✓ Shell script is a simple publishing utility — uses set -eu for strict error handling, copies files only, no network abuse
✓ No supply chain risk — no package dependencies, no requirements.txt, no unpinned pip installs
✓ Strong doc-to-code alignment — SKILL.md declarations match implementation exactly
✓ No sensitive file access — never touches ~/.ssh, ~/.aws, or similar credential paths
✓ Intent is transparent — skill is purely a review-analysis text-processing tool