daily-movie 安全扫描报告 — 可信 | ClawSafe

0 /100

daily-movie

每日影视推荐 — 每天推荐一部精选电影或剧集

Clean daily-movie recommendation skill with well-implemented path traversal protection and no suspicious behavior.

技能名称daily-movie

分析耗时19.6s

引擎pi

✓

可以安装

No action needed. Skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	Scripts read/write user preferences to data/users/*.json
网络访问	`NONE`	`NONE`	—	No network requests in scripts
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution detected
环境变量	`NONE`	`NONE`	—	No environment variable access

1 项发现

🔗

中危外部 URL 外部 URL

https://openclaw.ai

README.md:5

目录结构

7 文件 · 10.1 KB · 225 行

Markdown 2f · 125L JavaScript 3f · 85L JSON 2f · 15L

├─ ▾ 📁 scripts

│ ├─ 📜 evening-push.js JavaScript 18L · 1.4 KB

│ ├─ 📜 morning-push.js JavaScript 18L · 1.5 KB

│ └─ 📜 push-toggle.js JavaScript 49L · 3.5 KB

├─ 📋 _meta.json JSON 7L · 137 B

├─ 📋 package.json JSON 8L · 165 B

├─ 📝 README.md Markdown 52L · 1.5 KB

└─ 📝 SKILL.md Markdown 73L · 1.8 KB

✓ Strong path traversal protection via safeUserPath() function

✓ User input validation with regex for userId (alphanumeric only, 1-128 chars)

✓ Time format validation prevents injection

✓ Allowed channel whitelist (telegram/feishu/slack/discord)

✓ No external npm dependencies - uses only Node.js built-in modules

✓ Scripts only output prompts for AI, no side effects beyond user preference storage

✓ Session keys use structured naming convention without user-controlled content