Scan Report
5/100
ai-interview
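AI Interview System - a complete AI interview solution, including job-seeker and interviewer agents, with support for Feishu group-chat interviews and real-time visual observation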
Legitimate AI interview system with job-seeker and recruiter agents, featuring a local web visualization panel. No malicious behavior, credential harvesting, or external network communication detected.
OK to install
This skill is safe to use. The web viewer server binds to localhost only (port 8091) and accesses only the intended OpenClaw session directory.
Security findings: 2

| Severity | Finding | Location |
|---|---|---|
| Low | Reads OpenClaw Agent Session Files (sensitive access) | server.py:53 |
| Low | Can Delete Session Files (sensitive access) | server.py:80 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | READ | ✓ Consistent | server.py:26 reads from ~/.openclaw/agents |
| Network access | NONE | READ | ✓ Consistent | server.py:16 localhost HTTP server only |
| Command execution | NONE | NONE | — | install.sh:41 uses subprocess for background launch, documented |

Directory structure
6 files · 27.9 KB · 905 lines
HTML 1f · 325L
Markdown 3f · 278L
Python 1f · 246L
Shell 1f · 56L
├─ config
│  ├─ job-seeker
│  │  └─ IDENTITY.md (Markdown)
│  └─ recruiter
│     └─ IDENTITY.md (Markdown)
├─ public
│  └─ index.html (HTML)
├─ scripts
│  └─ install.sh (Shell)
├─ server.py (Python)
└─ SKILL.md (Markdown)
Security highlights
✓ No external network communication - server only binds to localhost
✓ No credential harvesting or environment variable iteration for secrets
✓ No base64 encoding or obfuscation
✓ No reverse shell or C2 infrastructure
✓ No curl|bash or wget|sh remote execution patterns
✓ Clear documentation matches implementation
✓ No malicious dependencies or supply chain risks
✓ Session file access is scoped to OpenClaw directory only
✓ Install script only creates directories and copies templates