Trusted: risk score 5/100
Last scan: 1 day ago
grocery-checklist
Persistent pantry-backed grocery checklist for OpenClaw with Telegram shopping-list UI
A legitimate grocery checklist skill with clear purpose, no obfuscation, no credential theft, and behavior fully consistent with its documentation.
Skill name: grocery-checklist
Analysis time: 52.2s
Engine: pi
Verdict: OK to install
Skill is safe to use. Consider adding explicit network:WRITE declaration in SKILL.md for completeness, but this is a minor documentation gap with no security impact.

Security findings (1)

Severity: Low
Finding: Network access not declared in SKILL.md metadata (category: documentation deception)
Location: SKILL.md:17
SKILL.md metadata section declares reads and writes for filesystem paths but omits network access. Telegram API POSTs (network:WRITE) are made in both grocery.py and telegram_bot.py. README.md and SETUP.md document the Telegram integration, making intent transparent, but SKILL.md alone is incomplete.
Evidence: metadata.openclaw.reads/writes declared but network permissions absent
→ Add a network:WRITE declaration to SKILL.md metadata if strict compliance is required, or clarify that network access flows through OpenClaw's managed route.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | READ | WRITE | ✓ Consistent | grocery.py:save_state() writes JSON; SKILL.md metadata.writes[] covers both stat…
Network access | NONE | WRITE | ✓ Consistent | grocery.py:394 and telegram_bot.py:34 make POST requests to https://api.telegram…
Command execution | NONE | WRITE | ✓ Consistent | grocery.py:267 subprocess.run(['openclaw',...]) and telegram_bot.py:61 subproces…
External URLs (1 finding)
Medium | External URL | https://api.telegram.org/bot | scripts/grocery.py:394

Directory structure

7 files · 43.8 KB · 1339 lines
Python: 2 files · 1086 lines, Markdown: 4 files · 248 lines, Shell: 1 file · 5 lines
├─ 📁 scripts
│ ├─ 🐍 grocery.py Python 731L · 25.0 KB
│ ├─ 🔧 grocery.sh Shell 5L · 141 B
│ └─ 🐍 telegram_bot.py Python 355L · 11.4 KB
├─ 📝 AGENTS.md Markdown 8L · 349 B
├─ 📝 README.md Markdown 71L · 2.2 KB
├─ 📝 SETUP.md Markdown 102L · 2.9 KB
└─ 📝 SKILL.md Markdown 67L · 1.9 KB

Security highlights

✓ No base64-encoded payloads, obfuscation, or anti-analysis techniques present
✓ No credential harvesting — Telegram bot token is read from openclaw.json and used only for legitimate Telegram API calls
✓ No sensitive path access beyond declared openclaw config and state files
✓ No environment variable iteration for secrets
✓ No curl|bash or wget|sh remote script downloads
✓ No hidden instructions in comments or HTML
✓ subprocess.run uses command lists (no shell=True) — no shell injection vector
✓ Input validation on all Telegram callback data via regex (callback_data: gchk:...)
✓ Allowlist-based Telegram user access control in telegram_bot.py poll_forever()
✓ Dry-run mode available for safe testing
✓ Clean state repair/rollback logic in salvage_json_object() and prune_corrupted_items()