中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
breakfast-recommender
智能早餐推荐助手,根据冰箱食材推荐早餐、管理食材、记录偏好与历史
A straightforward breakfast recommendation skill with no security concerns—operates solely on filesystem operations to a well-defined directory for managing fridge inventory and history.
技能名称breakfast-recommender
分析耗时101.5s
引擎pi
可以安装
This skill is safe to use. No security controls needed.

安全发现 1 项

严重性 安全发现 位置
提示
Sample data files present
The references/ directory contains sample fridge.md and history.md files with hardcoded test data (e.g., eggs, hand pie, corn). These are legitimate sample data for demonstration purposes.
鸡蛋(数量未知), 手抓饼 x 2, 玉米 x 1 根
→ No action needed. Sample data is clearly labeled in the references/ directory and serves as documentation.
 references/fridge.md, references/history.md:1
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md declares writes to ~/.openclaw/workspace/breakfast-recommender/
命令执行 WRITE NONE ✓ 一致 cron usage declared in Scenario 3, no other shell execution observed
网络访问 NONE NONE No network activity detected
环境变量 NONE NONE No environment variable access observed
数据库 NONE NONE Uses flat markdown files, not a database

目录结构

3 文件 · 6.8 KB · 189 行
Markdown 3f · 189L
├─ 📁 references
│ ├─ 📝 fridge.md Markdown 12L · 150 B
│ └─ 📝 history.md Markdown 6L · 281 B
└─ 📝 SKILL.md Markdown 171L · 6.3 KB

安全亮点

✓ All file operations are scoped to a well-defined directory: ~/.openclaw/workspace/breakfast-recommender/
✓ No network requests or external communications
✓ No credential, SSH key, or sensitive path access
✓ No shell command injection vectors (eval, base64, subprocess to external commands)
✓ Cron usage for scheduling is explicitly declared in SKILL.md
✓ Data format is simple markdown—no binary payloads or encoded content
✓ No third-party dependencies or package requirements
✓ Skill is purely a lifestyle tool with no attack surface