subscription-manager-pro 安全扫描报告 — 可信 | ClawSafe

0 /100

subscription-manager-pro

Track all your subscriptions, get alerts before renewals, identify forgotten services, and calculate total spend

A straightforward subscription tracking tool with clean, transparent code using only Python standard library—no network access, no shell execution, no credential access, and all functionality properly documented.

技能名称subscription-manager-pro

分析耗时27.2s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md line 85-91 declares local JSON storage in ~/.openclaw/workspace/
网络访问	`NONE`	`NONE`	—	No network modules (requests, urllib, http) imported or used in scripts/manager.…
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution in codebase
环境变量	`NONE`	`NONE`	—	No os.environ access for credential harvesting
技能调用	`NONE`	`NONE`	—	CLI tool only, no skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	Uses local JSON files, not a database

5 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/ClawHub-Install-blue

README.md:5

🔗

中危外部 URL 外部 URL

https://clawhub.ai/subscription-manager-pro

README.md:5

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-MIT-green.svg

README.md:6

🔗

中危外部 URL 外部 URL

https://netflix.com/cancelplan

README.md:127

🔗

中危外部 URL 外部 URL

https://clawhub.ai/about/guidelines

README.md:149

目录结构

4 文件 · 30.2 KB · 965 行

Python 1f · 550L Markdown 2f · 375L JSON 1f · 40L

├─ ▾ 📁 scripts

│ └─ 🐍 manager.py Python 550L · 20.4 KB

├─ 📋 claw.json JSON 40L · 983 B

├─ 📝 README.md Markdown 157L · 3.7 KB

└─ 📝 SKILL.md Markdown 218L · 5.1 KB

安全亮点

✓ Uses only Python standard library (json, os, pathlib, argparse, datetime) - no external dependencies

✓ All data stored locally in ~/.openclaw/workspace/subscription-manager-pro/data/ - never leaves the machine

✓ No network requests or external communications (no requests/urllib/http modules)

✓ No shell execution or subprocess calls

✓ No credential harvesting (no access to ~/.ssh, ~/.aws, .env, or os.environ for sensitive data)

✓ Clean, readable code with no obfuscation (no base64, eval, or anti-analysis techniques)

✓ SKILL.md accurately documents all functionality - doc-to-code alignment is excellent

✓ No hidden functionality - all operations are subscription management CRUD operations

✓ CSV/JSON export saves to local data directory only

✓ MIT licensed, open-source repository