扫描报告
5 /100
design-analysis
自动化设计分析工具,用于分析设计素材并生成结构化的HTML演示文档
Design Analysis skill is a straightforward HTML presentation generator with no malicious behavior detected. It legitimately scans image folders and writes HTML output with no network access, credential harvesting, or hidden functionality.
可以安装
This skill is safe to use. No security concerns identified. Continue normal usage.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ,WRITE | READ,WRITE | ✓ 一致 | index.js: reads inputFolder, writes outputFile |
| 网络访问 | NONE | NONE | — | No network calls found |
| 命令执行 | NONE | NONE | — | execSync only in test.js with hardcoded args |
| 环境变量 | NONE | NONE | — | No env access |
| 剪贴板 | NONE | NONE | — | Not used |
| 浏览器 | NONE | NONE | — | Not used |
| 数据库 | NONE | NONE | — | Not used |
2 项发现
中危 外部 URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/Using_HTML5 SKILL.md:153 中危 外部 URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Flexible_Box_Layout SKILL.md:154 目录结构
10 文件 · 75.8 KB · 2413 行 JavaScript 3f · 918L
HTML 2f · 876L
Markdown 3f · 503L
Shell 1f · 81L
JSON 1f · 35L
├─
index.js
JavaScript
├─
install.sh
Shell
├─
OPENCLAW.md
Markdown
├─
package.json
JSON
├─
README.md
Markdown
├─
run.js
JavaScript
├─
SKILL.md
Markdown
├─
TEST_01_OUTPUT.html
HTML
├─
TEST_02_OUTPUT.html
HTML
└─
test.js
JavaScript
安全亮点
✓ Zero external dependencies - no supply chain attack surface
✓ All capabilities declared and accurate in SKILL.md
✓ No credential access or sensitive file enumeration
✓ No network egress - all operations are local
✓ No obfuscation or base64-encoded execution
✓ Output is deterministic HTML with embedded CSS/JS - auditable
✓ Test.js execSync uses only hardcoded arguments (no user input injection)
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)