Trusted — Risk Score 5/100
Last scan: 1 day ago
grocery-checklist
Persistent pantry-backed grocery checklist for OpenClaw, with Telegram inline buttons for marking items bought.
Legitimate pantry-state skill with fully declared permissions; subprocess is limited to openclaw CLI, network is Telegram-only, and all file I/O is scoped to ~/.openclaw paths.
Skill Name: grocery-checklist
Duration: 31.5s
Engine: pi
Safe to install
No action needed. The skill is clean.

Findings (1 item)

Severity: Low
Finding: Bash/python3/openclaw bin declarations not explicitly linked to subprocess (Doc Mismatch)
Location: SKILL.md:1
Details: SKILL.md declares 'bins: [bash, python3, openclaw]' but does not state that openclaw is invoked via subprocess.run. This is a documentation gap with no security impact, because every subprocess call is constrained to a single known binary (openclaw) with a fixed argument structure.
Evidence: bins: [bash, python3, openclaw]
Recommendation: Add a bullet 'runs openclaw CLI via subprocess for Telegram message dispatch' to the runtime behavior section of SKILL.md.
Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | scripts/grocery.py:state_path() writes ~/.openclaw/data/grocery-checklist/state.…
Filesystem | READ | READ | ✓ Aligned | scripts/grocery.py:openclaw_config_path() reads ~/.openclaw/openclaw.json
Network | READ | READ | ✓ Aligned | scripts/grocery.py:telegram_api() POSTs only to https://api.telegram.org/
Shell | WRITE | WRITE | ✓ Aligned | scripts/grocery.py:run_openclaw() runs 'openclaw' binary; scripts/telegram_bot.p…
Environment | READ | READ | ✓ Aligned | scripts/grocery.py:state_path() reads GROCERY_STATE_FILE env var
External URLs (1 finding)

🔗 Medium: External URL https://api.telegram.org/bot (scripts/grocery.py:394)

File Tree

7 files · 41.5 KB · 1285 lines
Python: 2 files, 1069 lines · Markdown: 4 files, 211 lines · Shell: 1 file, 5 lines
├─ 📁 scripts
│ ├─ 🐍 grocery.py Python 731L · 25.0 KB
│ ├─ 🔧 grocery.sh Shell 5L · 141 B
│ └─ 🐍 telegram_bot.py Python 338L · 10.8 KB
├─ 📝 AGENTS.md Markdown 8L · 349 B
├─ 📝 README.md Markdown 58L · 1.8 KB
├─ 📝 SETUP.md Markdown 94L · 2.3 KB
└─ 📝 SKILL.md Markdown 51L · 1.1 KB

Dependencies (2 items)

Package | Version | Source | Known Vulns | Notes
stdlib | bundled with python3 | stdlib | No | No external dependencies; only urllib (stdlib) and subprocess (stdlib) are used
openclaw | unspecified | external binary | No | Declared required binary; invoked via subprocess with fixed args

Security Positives

✓ All file I/O is scoped to declared ~/.openclaw paths only
✓ Network activity is limited to Telegram Bot API (api.telegram.org) using the configured bot token
✓ No credential harvesting: bot token is used only to call Telegram API, never exfiltrated
✓ No base64, no eval, no obfuscation, no IP hardcoding
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Subprocess is constrained to a single known binary (openclaw) with fixed argument structure
✓ User allowlist enforced in telegram_bot.py polling loop
✓ No remote script download (curl|bash, wget|sh)
✓ No hidden HTML comments or prompt injection payloads
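The Doc Mismatch finding and the positives above all rest on the same comparison: what SKILL.md declares (bins, network targets) versus what the scripts actually invoke. The following checker, added here as an illustration and not part of the scan engine or the grocery-checklist skill, shows how that comparison can be made mechanically with Python's ast module. It walks a script, extracts argv[0] of every subprocess call and every URL literal, and reports anything outside the declared allowlists, plus shell=True and non-literal argv, which are the two ways a "single known binary with fixed arguments" claim can silently stop being true. The SAMPLE_SOURCE and DECLARED values are constructed stand-ins (including two deliberate violations so the checker has something to flag); they are not the contents of scripts/grocery.py or SKILL.md.

```python
import ast
import re
from urllib.parse import urlparse

# Constructed stand-in for a skill script; NOT the project's scripts/grocery.py.
# It mixes the clean patterns the report describes with two deliberate
# violations (rsync to a backup host, curl via shell=True to an undeclared host).
SAMPLE_SOURCE = '''
import subprocess
import urllib.request

TELEGRAM_API = "https://api.telegram.org/bot"

def run_openclaw(args):
    return subprocess.run(["openclaw", *args], check=True, capture_output=True)

def telegram_api(token, method, payload):
    return urllib.request.urlopen(TELEGRAM_API + token + "/" + method, data=payload)

def mirror_state():
    # violation: binary not in declared bins
    subprocess.run(["rsync", "-a", "state.json", "backup:/state/"])

def ping():
    # violation: undeclared host, and a shell=True string command line
    subprocess.run("curl -s https://example.com/ping", shell=True)
'''

# Constructed stand-in for the allowlists a SKILL.md frontmatter would declare.
DECLARED = {
    "bins": {"bash", "python3", "openclaw"},
    "hosts": {"api.telegram.org"},
}

SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _dotted_name(call):
    """Return the dotted callee of a Call node, e.g. 'subprocess.run'."""
    parts, func = [], call.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _argv0(call):
    """Program name of a subprocess call when argv is a literal, else '<dynamic>'."""
    if not call.args:
        return "<dynamic>"
    argv = call.args[0]
    if isinstance(argv, ast.Constant) and isinstance(argv.value, str):
        return argv.value.split()[0]            # string form, usually paired with shell=True
    if isinstance(argv, (ast.List, ast.Tuple)) and argv.elts:
        first = argv.elts[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            return first.value                  # list form: argv[0] is the binary
    return "<dynamic>"


def check_skill(source, declared):
    """Compare subprocess and URL usage in `source` against the declared allowlists.

    Returns a list of dicts {kind, value, line}; kind is one of
    undeclared_bin, dynamic_argv, shell_true, undeclared_host.
    """
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node)
            if name.startswith("subprocess.") and name.rsplit(".", 1)[1] in SUBPROCESS_FUNCS:
                binary = _argv0(node)
                if binary == "<dynamic>":
                    findings.append({"kind": "dynamic_argv", "value": name, "line": node.lineno})
                elif binary not in declared["bins"]:
                    findings.append({"kind": "undeclared_bin", "value": binary, "line": node.lineno})
                for kw in node.keywords:
                    if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                        findings.append({"kind": "shell_true", "value": binary, "line": node.lineno})
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # URLs may be embedded in a larger string (e.g. a shell command line)
            for url in URL_RE.findall(node.value):
                host = urlparse(url).hostname
                if host not in declared["hosts"]:
                    findings.append({"kind": "undeclared_host", "value": host, "line": node.lineno})
    return findings


if __name__ == "__main__":
    for f in check_skill(SAMPLE_SOURCE, DECLARED):
        print(f"{f['kind']:16} {f['value']:<18} line {f['line']}")
```

Run against the constructed sample, the clean openclaw call and the api.telegram.org literal produce nothing, while rsync, curl, shell=True and example.com are each reported with their line. A literal-only analysis like this cannot follow values computed at runtime, which is why non-literal argv is reported as dynamic_argv for manual review rather than silently accepted.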