Scan Report
10 /100
Claude Agent
作为项目经理操作 Claude Code 完全体。包含:任务执行(提示词设计→执行→监控→质量检查→迭代→汇报)
The claude-agent skill is a well-documented project manager wrapper for Claude Code with transparent shell operations, no credential harvesting, and no data exfiltration beyond its stated notification purpose.
Safe to install
No action needed. The skill is safe to use with standard Claude Code permissions.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Minor doc-to-code alignment gap Doc Mismatch | hooks/start_claude.sh:40 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Aligned | SKILL.md does not claim filesystem access; Claude Code handles actual file opera… |
| Network | READ | READ | ✓ Aligned | openclaw CLI tool handles notifications; no direct network sockets opened |
| Shell | WRITE | WRITE | ✓ Aligned | tmux + claude subprocess in start_claude.sh:25-26; subprocess.Popen in on_comple… |
| Environment | READ | READ | ✓ Aligned | Reads CLAUDE_AGENT_CHAT_ID, CLAUDE_AGENT_CHANNEL, etc. in on_complete.py:43-68 |
| Clipboard | NONE | NONE | — | No clipboard access in any script |
| Browser | NONE | NONE | — | No browser automation in any script |
| Database | NONE | NONE | — | No database access in any script |
7 findings
Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code INSTALL.md:8 Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/overview knowledge/UPDATE_PROTOCOL.md:28 Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/cli-usage knowledge/UPDATE_PROTOCOL.md:29 Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/settings knowledge/UPDATE_PROTOCOL.md:30 Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/hooks knowledge/UPDATE_PROTOCOL.md:31 Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/mcp knowledge/UPDATE_PROTOCOL.md:32 Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/memory knowledge/UPDATE_PROTOCOL.md:33 File Tree
22 files · 76.8 KB · 2472 lines Markdown 15f · 1978L
Python 1f · 246L
Shell 4f · 246L
Text 2f · 2L
├─
▾
hooks
│ ├─
on_complete.py
Python
│ ├─
pane_monitor.sh
Shell
│ ├─
start_claude.sh
Shell
│ └─
stop_claude.sh
Shell
├─
▾
knowledge
│ ├─
capabilities.md
Markdown
│ ├─
changelog.md
Markdown
│ ├─
config_schema.md
Markdown
│ ├─
features.md
Markdown
│ ├─
prompting_patterns.md
Markdown
│ └─
UPDATE_PROTOCOL.md
Markdown
├─
▾
references
│ └─
claude-code-reference.md
Markdown
├─
▾
scripts
│ └─
publish_clawhub.sh
Shell
├─
▾
state
│ ├─
last_updated.txt
Text
│ └─
version.txt
Text
├─
▾
workflows
│ ├─
knowledge_update.md
Markdown
│ └─
standard_task.md
Markdown
├─
CHANGELOG.md
Markdown
├─
INSTALL.md
Markdown
├─
README_EN.md
Markdown
├─
README.md
Markdown
├─
SECURITY.md
Markdown
└─
SKILL.md
Markdown
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
bash | user-installed | system | No | Shell interpreter required by scripts |
tmux | user-installed | system | No | Terminal multiplexer required for session management |
openclaw | user-installed | system | No | CLI tool for notifications and agent wake; used as command executor, not imported |
claude | user-installed | system | No | Claude Code CLI, the primary target of this wrapper skill |
Security Positives
✓ Uses only Python standard library (no external pip dependencies)
✓ SECURITY.md provides comprehensive hardening guidance
✓ Notification mode defaults to 'event' (minimal data disclosure)
✓ No credential harvesting or API key exfiltration
✓ All subprocess calls use the openclaw CLI tool (user-installed)
✓ No base64 encoding, eval(), or obfuscation techniques
✓ No remote script execution (curl|bash, wget|sh)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Clear separation: skill handles orchestration, Claude Code handles actual file operations
✓ Hardcoded fallback defaults prevent silent failures