中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:16 hr ago Rescan
5 /100
AI Customer Service Scripts Generator
AI-powered customer service reply script generator for 10+ industries
A straightforward AI customer service script generator with no malicious patterns — all behavior is declared and consistent with documentation.
Skill NameAI Customer Service Scripts Generator
Duration22.9s
Enginepi
Safe to install
No action required. The skill is safe for use. Consider pinning the openclaw dependency version for stability.

Findings 1 items

Severity Finding Location
Low
Unpinned dependency (openclaw) Supply Chain
The openclaw package is used without version pinning, which could lead to unexpected behavior if the package is updated.
from openclaw import OpenClaw
→ Pin the openclaw version in a requirements.txt or pyproject.toml, e.g. openclaw>=1.0.0,<2.0.0
 scripts_generator.py:9
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No filesystem access in scripts_generator.py
Network NONE READ ✓ Aligned Uses openclaw SDK for API calls; no raw socket/IP usage
Shell NONE NONE No subprocess or shell execution
Environment READ READ ✓ Aligned Only reads OPENCLAW_API_KEY, as documented
Skill Invoke NONE NONE No inter-skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No database access
1 findings
🔗
Medium External URL 外部 URL
https://discord.gg/clawd
SKILL.md:54

File Tree

2 files · 5.6 KB · 177 lines
Python 1f · 118L Markdown 1f · 59L
├─ 🐍 scripts_generator.py Python 118L · 4.3 KB
└─ 📝 SKILL.md Markdown 59L · 1.3 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
openclaw unpinned pip (pip install openclaw) No Version not specified in any dependency file

Security Positives

✓ No shell or subprocess execution of any kind
✓ No filesystem write operations
✓ No credential harvesting beyond the declared OPENCLAW_API_KEY
✓ No obfuscation (no base64, eval, or dynamic code execution)
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ No data exfiltration — all network traffic is through the documented openclaw SDK
✓ Code and documentation are consistent — no hidden functionality
✓ No suspicious URLs, IP addresses, or external C2 indicators