扫描报告
15 /100
skill-downloader
Discover, compare, review, install, or update OpenClaw skills from trusted sources with a review-first workflow
This is a policy-focused documentation skill for discovering and managing OpenClaw skills; no executable code or malicious behavior found, though capability declarations are incomplete.
可以安装
Consider adding explicit capability declarations for filesystem:WRITE and network:READ to align documentation with the implied installation and discovery workflows.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Incomplete capability declarations | SKILL.md:1 |
| 提示 | Documentation-only skill | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | SKILL.md: 'installing or updating a skill' implies filesystem writes |
| 网络访问 | NONE | READ | ✓ 一致 | SKILL.md: 'search trusted sources' implies network access |
| 命令执行 | NONE | NONE | — | No shell execution found |
| 环境变量 | NONE | NONE | — | No environment access found |
| 技能调用 | NONE | NONE | — | Skill invokes other skills via documentation only |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | No browser access found |
| 数据库 | NONE | NONE | — | No database access found |
目录结构
3 文件 · 6.7 KB · 189 行 Markdown 3f · 189L
├─
▾
references
│ └─
advanced-workflows.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Clear review-first workflow prevents automatic execution
✓ Explicit approval requirement before installation
✓ Trusted sources policy limits exposure to malicious packages
✓ Safety policy emphasizes inspection before writing files
✓ No executable code or dependencies found
✓ No credential access or exfiltration patterns
✓ No base64, eval, or shell injection vectors