中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:1 天前 重新扫描
0 /100
daily-poem
Daily Poem — 每日精选诗词推送,中英古典/现代诗交替,含译文赏析朗读节奏,支持按主题/作者按需查诗和周合辑
Daily Poem skill is a legitimate poetry delivery and query service using Node.js scripts as prompt generators with minimal filesystem access and no network/shell execution.
技能名称daily-poem
分析耗时28.3s
引擎pi
可以安装
This skill is safe to use. No security concerns identified.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md:data/push-log.json; scripts read this file only
文件系统 WRITE WRITE ✓ 一致 SKILL.md declares push-log.json writes; scripts use fs.readFileSync (read-only),…
网络访问 NONE NONE No network requests in any script
命令执行 NONE NONE No shell execution, subprocess, or command invocation
环境变量 NONE NONE No env access found
浏览器 NONE NONE Not used

目录结构

8 文件 · 19.1 KB · 542 行
JavaScript 4f · 391L Markdown 1f · 122L JSON 3f · 29L
├─ 📁 data
│ └─ 📋 push-log.json JSON 1L · 3 B
├─ 📁 scripts
│ ├─ 📜 morning-push.js JavaScript 130L · 5.0 KB
│ ├─ 📜 push-toggle.js JavaScript 67L · 1.7 KB
│ ├─ 📜 query.js JavaScript 103L · 3.6 KB
│ └─ 📜 weekly-digest.js JavaScript 91L · 3.5 KB
├─ 📋 _meta.json JSON 6L · 121 B
├─ 📋 package.json JSON 22L · 931 B
└─ 📝 SKILL.md Markdown 122L · 4.3 KB

依赖分析 1 项

包名版本来源已知漏洞备注
none N/A npm No external dependencies — only built-in Node.js modules (fs, path, process)

安全亮点

✓ SKILL.md documentation accurately describes all script functionality with no mismatches
✓ Scripts are simple prompt generators outputting to console only — no side effects
✓ query.js implements input sanitization (removes <>&"';&|`$ characters)
✓ No external dependencies — uses only built-in Node.js modules (fs, path, process)
✓ Filesystem access is minimal: only reads/writes push-log.json within skill directory
✓ No credential access, sensitive path access, or environment variable reading
✓ No network requests, IP connections, or data exfiltration
✓ No obfuscation, base64-encoded strings, or anti-analysis techniques
✓ Cron management is documented as openclaw CLI commands, not raw shell scripts
✓ push-toggle.js only prints instructions without executing system commands