Low Risk — Risk Score 10/100
Last scan: 22 hr ago
ai-intelligent-audit-logging
Audit logs, operation records + compliance auditing. AI intelligent audit logging system with operation recording, audit queries, compliance checking, data analysis, and report generation.
This skill contains only documentation (SKILL.md and skill.json) with no executable code. The installation instructions reference an external GitHub repository which could theoretically introduce supply chain risk, but the delivered package itself contains no malicious artifacts.
Skill Name: ai-intelligent-audit-logging
Duration: 20.1s
Engine: pi
Safe to install
If deploying this skill, verify the external GitHub repository (github.com/openclaw-skills/ai-intelligent-audit-logging) before following installation instructions. Request the actual source code for security review before installation in production environments.

Findings 2 items

Severity: Low
Finding: Unpinned external dependency (Supply Chain)
SKILL.md instructs users to clone from github.com/openclaw-skills/ai-intelligent-audit-logging without a pinned commit SHA or specific version tag
git clone https://github.com/openclaw-skills/ai-intelligent-audit-logging
→ Pin to a specific commit hash or version tag to prevent potential repo tampering
Location: SKILL.md:42

Severity: Low
Finding: Unpinned pip dependencies (Supply Chain)
Installation uses 'pip install -r requirements.txt' without specifying pinned versions in the package
pip install -r requirements.txt
→ Provide a requirements.txt with pinned versions or verify upstream package versions
Location: SKILL.md:43

File Tree

2 files · 1.2 KB · 58 lines
Markdown 1f · 51L JSON 1f · 7L
├─ 📋 skill.json JSON 7L · 213 B
└─ 📝 SKILL.md Markdown 51L · 972 B

Security Positives

✓ No executable code present in the delivered package
✓ No credential harvesting patterns detected
✓ No network exfiltration code present
✓ No obfuscation techniques observed
✓ No sensitive file access attempts