Scan Report
5 /100
breakfast-recommender
智能早餐推荐助手,根据冰箱食材推荐早餐、管理食材、记录偏好与历史
A straightforward breakfast recommendation skill with no security concerns—operates solely on filesystem operations to a well-defined directory for managing fridge inventory and history.
Safe to install
This skill is safe to use. No security controls needed.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Info | Sample data files present | references/fridge.md, references/history.md:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares writes to ~/.openclaw/workspace/breakfast-recommender/ |
| Shell | WRITE | NONE | ✓ Aligned | cron usage declared in Scenario 3, no other shell execution observed |
| Network | NONE | NONE | — | No network activity detected |
| Environment | NONE | NONE | — | No environment variable access observed |
| Database | NONE | NONE | — | Uses flat markdown files, not a database |
File Tree
3 files · 6.8 KB · 189 lines Markdown 3f · 189L
├─
▾
references
│ ├─
fridge.md
Markdown
│ └─
history.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ All file operations are scoped to a well-defined directory: ~/.openclaw/workspace/breakfast-recommender/
✓ No network requests or external communications
✓ No credential, SSH key, or sensitive path access
✓ No shell command injection vectors (eval, base64, subprocess to external commands)
✓ Cron usage for scheduling is explicitly declared in SKILL.md
✓ Data format is simple markdown—no binary payloads or encoded content
✓ No third-party dependencies or package requirements
✓ Skill is purely a lifestyle tool with no attack surface