Low Risk — Risk Score 10/100
Last scan: 21 hr ago
agent-Andri
Agent Andri — periodic status reporter writing to meeting-room file
A simple local status-reporting agent that periodically writes to a flat text file in a designated directory, with behavior fully aligned with its documentation.
Skill Name: agent-Andri
Duration: 20.6s
Engine: pi
Safe to install
Skill is safe to use. The infinite while-loop in status_report.sh is a minor design concern for long-running sessions but does not constitute a security threat.

Findings 2 items

Severity: Low
Finding: Writes to hidden dot-directory under $HOME (Sensitive Access)
The script writes to $HOME/.openclaw/workspace/skills/meeting-room/to_leader.txt. This path is under a hidden dot-directory, which is benign but worth noting.
BASE_DIR="$HOME/.openclaw/workspace/skills/meeting-room"
→ This is declared in SKILL.md and is the intended behavior. No action required.
Location: scripts/status_report.sh:9

Severity: Low
Finding: Infinite loop without signal handling (Sensitive Access)
The while-true loop in status_report.sh runs indefinitely with no trap for SIGTERM or SIGINT, which may leave zombie processes.
while true; do ... sleep 30; done
→ Consider adding a trap to handle termination signals gracefully.
Location: scripts/status_report.sh:12

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | WRITE | ✓ Aligned | SKILL.md declares writing to ~/.../to_leader.txt; scripts/status_report.sh line …

File Tree

2 files · 983 B · 26 lines
Shell 1f · 15L Markdown 1f · 11L
├─ 📁 scripts
│ └─ 🔧 status_report.sh Shell 15L · 386 B
└─ 📝 SKILL.md Markdown 11L · 597 B

Security Positives

✓ All capabilities declared in SKILL.md are used exactly as documented
✓ No external network requests or data exfiltration
✓ No credential harvesting or environment variable exfiltration
✓ No obfuscation, base64 encoding, or suspicious code patterns
✓ No sensitive file paths (~/.ssh, ~/.aws, .env) accessed
✓ No remote script execution (curl|bash, wget|sh)
✓ No supply-chain risks — no dependencies declared or used
✓ Script uses set -euo pipefail for safe shell execution