中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
grocery-checklist
Persistent pantry-backed grocery checklist for OpenClaw, with Telegram inline buttons for marking items bought.
Legitimate pantry-state skill with fully declared permissions; subprocess is limited to openclaw CLI, network is Telegram-only, and all file I/O is scoped to ~/.openclaw paths.
技能名称grocery-checklist
分析耗时31.5s
引擎pi
可以安装
No action needed. The skill is clean.

安全发现 1 项

严重性 安全发现 位置
低危
Bash/python3/openclaw bin declarations not explicitly linked to subprocess 文档欺骗
SKILL.md declares 'bins: [bash, python3, openclaw]' but does not state that openclaw is invoked via subprocess.run. This is technically a documentation gap but has no security impact since the subprocess is constrained to a single known binary.
bins: [bash, python3, openclaw]
→ Add a bullet: 'runs openclaw CLI via subprocess for Telegram message dispatch' to SKILL.md runtime behavior section.
 SKILL.md:1
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 scripts/grocery.py:state_path() writes ~/.openclaw/data/grocery-checklist/state.…
文件系统 READ READ ✓ 一致 scripts/grocery.py:openclaw_config_path() reads ~/.openclaw/openclaw.json
网络访问 READ READ ✓ 一致 scripts/grocery.py:telegram_api() POSTs only to https://api.telegram.org/
命令执行 WRITE WRITE ✓ 一致 scripts/grocery.py:run_openclaw() runs 'openclaw' binary; scripts/telegram_bot.p…
环境变量 READ READ ✓ 一致 scripts/grocery.py:state_path() reads GROCERY_STATE_FILE env var
1 项发现
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot
scripts/grocery.py:394

目录结构

7 文件 · 41.5 KB · 1285 行
Python 2f · 1069L Markdown 4f · 211L Shell 1f · 5L
├─ 📁 scripts
│ ├─ 🐍 grocery.py Python 731L · 25.0 KB
│ ├─ 🔧 grocery.sh Shell 5L · 141 B
│ └─ 🐍 telegram_bot.py Python 338L · 10.8 KB
├─ 📝 AGENTS.md Markdown 8L · 349 B
├─ 📝 README.md Markdown 58L · 1.8 KB
├─ 📝 SETUP.md Markdown 94L · 2.3 KB
└─ 📝 SKILL.md Markdown 51L · 1.1 KB

依赖分析 2 项

包名版本来源已知漏洞备注
stdlib bundled with python3 stdlib No external dependencies; only urllib (stdlib) and subprocess (stdlib) used
openclaw unspecified external binary Declared required binary; invoked via subprocess with fixed args

安全亮点

✓ All file I/O is scoped to declared ~/.openclaw paths only
✓ Network activity is limited to Telegram Bot API (api.telegram.org) using the configured bot token
✓ No credential harvesting: bot token is used only to call Telegram API, never exfiltrated
✓ No base64, no eval, no obfuscation, no IP hardcoding
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Subprocess is constrained to a single known binary (openclaw) with fixed argument structure
✓ User allowlist enforced in telegram_bot.py polling loop
✓ No remote script download (curl|bash, wget|sh)
✓ No hidden HTML comments or prompt injection payloads