Trusted — Risk Score 5/100
Last scan: 2 days ago
openclaw-role-configurator
OpenClaw Role Configuration Assistant - helps you easily complete OpenClaw role configuration; it is every new user's first skill
This is a benign OpenClaw role configurator skill providing guided role setup with 21 preset templates and SOUL.md file generation. No malicious behavior detected.
Skill Name: openclaw-role-configurator
Duration: 30.3s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.

Findings 2 items

Severity Finding Location
Low
Non-existent script referenced in documentation
SKILL.md references 'scripts/guided_config.py' which does not exist in the package. Only template_manager.py, config_writer.py, and skill_recommender.py are present.
scripts/guided_config.py - 引导式配置
→ Remove or update documentation to match actual file structure
SKILL.md:175
Low
Default workspace path uses root directory
config_writer.py defaults to '/root/.openclaw/workspace' which may not be ideal in all environments, though this is the expected path for the OpenClaw tool itself.
OPENCLAW_WORKSPACE = os.environ.get("OPENCLAW_WORKSPACE", "/root/.openclaw/workspace")
→ Consider using a user-configurable path or respecting XDG base directory spec
scripts/config_writer.py:12
Resource Declared Inferred Status Evidence
Filesystem READ READ ✓ Aligned scripts/template_manager.py:21 and scripts/config_writer.py:18 read JSON files
Filesystem WRITE WRITE ✓ Aligned scripts/config_writer.py:34 writes SOUL.md to workspace

File Tree

8 files · 28.5 KB · 816 lines
Markdown 2f · 331L JSON 3f · 296L Python 3f · 189L
├─ 📁 data
│ ├─ 📋 role_templates.json JSON 143L · 10.8 KB
│ └─ 📋 skill_recommendations.json JSON 144L · 2.7 KB
├─ 📁 scripts
│ ├─ 🐍 config_writer.py Python 61L · 1.5 KB
│ ├─ 🐍 skill_recommender.py Python 42L · 1.2 KB
│ └─ 🐍 template_manager.py Python 86L · 2.5 KB
├─ 📋 _meta.json JSON 9L · 606 B
├─ 📝 README.md Markdown 78L · 1.9 KB
└─ 📝 SKILL.md Markdown 253L · 7.4 KB

Security Positives

✓ No shell execution or subprocess usage
✓ No credential harvesting or environment variable enumeration
✓ No network requests or external IP connections
✓ No base64 encoding or obfuscation techniques
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No hidden functionality not declared in documentation
✓ No data exfiltration observed
✓ All file operations are scoped to the OpenClaw workspace
✓ Code is simple and straightforward with no obfuscation