xianyu-sam-order 安全扫描报告 — 可信 | ClawSafe

5 /100

xianyu-sam-order

闲鱼山姆代下单 - 配置你自己的账号

Benign help/config tool that only reads environment variables and prints usage instructions with no network, file-write, or shell operations.

技能名称xianyu-sam-order

分析耗时24.6s

引擎pi

✓

可以安装

Skill is safe to use. No malicious behavior detected.

安全发现 1 项

严重性	安全发现	位置
低危	Malformed SKILL.md with appended JSON 文档欺骗 SKILL.md has YAML frontmatter (---) but the closing --- is missing, and a JSON object is appended after. The JSON is harmless (name, version, author) but indicates a documentation formatting issue. `{ "name": "xianyu-sam-order", "version": "1.0.0", "author": "OpenClaw" }` → Fix SKILL.md formatting by removing the stray JSON and ensuring proper YAML frontmatter closure.	`SKILL.md:57`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem access in scripts/order.py
网络访问	`NONE`	`NONE`	—	No network calls in scripts/order.py
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution in scripts/order.py
环境变量	`READ`	`READ`	✓ 一致	scripts/order.py:11-12 uses os.environ.get for XIANYU_COOKIE and SAM_PHONE
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

3 文件 · 2.5 KB · 110 行

Markdown 1f · 57L Python 1f · 48L JSON 1f · 5L

├─ ▾ 📁 scripts

│ └─ 🐍 order.py Python 48L · 1.2 KB

├─ 📋 _meta.json JSON 5L · 79 B

└─ 📝 SKILL.md Markdown 57L · 1.2 KB

✓ No network requests or external communication

✓ No shell or subprocess execution

✓ No file write operations

✓ No credential exfiltration

✓ No obfuscation or encoded payloads

✓ Environment variable access is declared and consistent with SKILL.md documentation

✓ Simple, readable code with no hidden functionality

✓ Skill behavior matches documented description (help text and env config check)