daily-movie Security Report — Trusted | ClawSafe

0 /100

daily-movie

每日影视推荐 — 每天推荐一部精选电影或剧集

Clean daily-movie recommendation skill with well-implemented path traversal protection and no suspicious behavior.

Skill Namedaily-movie

Duration19.6s

Enginepi

✓

Safe to install

No action needed. Skill is safe to use.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	Scripts read/write user preferences to data/users/*.json
Network	`NONE`	`NONE`	—	No network requests in scripts
Shell	`NONE`	`NONE`	—	No subprocess or shell execution detected
Environment	`NONE`	`NONE`	—	No environment variable access

1 findings

🔗

Medium External URL 外部 URL

https://openclaw.ai

README.md:5

File Tree

7 files · 10.1 KB · 225 lines

Markdown 2f · 125L JavaScript 3f · 85L JSON 2f · 15L

├─ ▾ 📁 scripts

│ ├─ 📜 evening-push.js JavaScript 18L · 1.4 KB

│ ├─ 📜 morning-push.js JavaScript 18L · 1.5 KB

│ └─ 📜 push-toggle.js JavaScript 49L · 3.5 KB

├─ 📋 _meta.json JSON 7L · 137 B

├─ 📋 package.json JSON 8L · 165 B

├─ 📝 README.md Markdown 52L · 1.5 KB

└─ 📝 SKILL.md Markdown 73L · 1.8 KB

✓ Strong path traversal protection via safeUserPath() function

✓ User input validation with regex for userId (alphanumeric only, 1-128 chars)

✓ Time format validation prevents injection

✓ Allowed channel whitelist (telegram/feishu/slack/discord)

✓ No external npm dependencies - uses only Node.js built-in modules

✓ Scripts only output prompts for AI, no side effects beyond user preference storage

✓ Session keys use structured naming convention without user-controlled content