Name: openclaw-cost-guard Security Report — Trusted | ClawSafe
Item: openclaw-cost-guard
Rating: 100
Author: ClawSafe

This report was generated in Chinese. Some content may be in Chinese.

0 /100

openclaw-cost-guard

OpenClaw成本守卫 - 静态分析配置文件以识别成本泄漏、昂贵模型默认值和预算缺失

纯静态配置审计工具，代码行为完全符合声明，无任何风险发现

Skill Nameopenclaw-cost-guard

Duration30.8s

Enginepi

ClawHub OpenClaw Cost Guard v0.1.0 by x-rayluan

📥 168

ClawHub Verdict Suspicious dangerous_exec

✓

Safe to install

安全可用，可直接部署

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	scripts/cost-guard.mjs:22 仅读取配置JSON
Network	`NONE`	`NONE`	—	无任何网络请求代码
Shell	`NONE`	`NONE`	—	无shell/subprocess执行
Environment	`NONE`	`NONE`	—	仅使用os.homedir()获取主目录路径

File Tree

6 files · 11.8 KB · 329 lines

JavaScript 2f · 155L Markdown 3f · 139L JSON 1f · 35L

├─ ▾ 📁 references

│ └─ 📝 cost-playbook.md Markdown 27L · 1.2 KB

├─ ▾ 📁 scripts

│ └─ 📜 cost-guard.mjs JavaScript 118L · 5.1 KB

├─ ▾ 📁 tests

│ └─ 📜 test.mjs JavaScript 37L · 1.2 KB

├─ 📋 package.json JSON 35L · 869 B

├─ 📝 README.md Markdown 56L · 1.4 KB

└─ 📝 SKILL.md Markdown 56L · 2.0 KB

Security Positives

✓ 仅使用Node.js内置模块（fs, os, path），无第三方依赖注入风险

✓ 纯静态JSON配置解析，无网络通信

✓ 无shell执行，无代码注入风险

✓ 无凭证收割、环境变量遍历等敏感行为

✓ 代码逻辑清晰，与SKILL.md声明完全一致

✓ 无混淆代码、无base64/eval

✓ 测试覆盖合理，验证了FAIL场景