扫描报告
10 /100
Claude Agent
作为项目经理操作 Claude Code 完全体。包含:任务执行(提示词设计→执行→监控→质量检查→迭代→汇报)
The claude-agent skill is a well-documented project manager wrapper for Claude Code with transparent shell operations, no credential harvesting, and no data exfiltration beyond its stated notification purpose.
可以安装
No action needed. The skill is safe to use with standard Claude Code permissions.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Minor doc-to-code alignment gap 文档欺骗 | hooks/start_claude.sh:40 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | SKILL.md does not claim filesystem access; Claude Code handles actual file opera… |
| 网络访问 | READ | READ | ✓ 一致 | openclaw CLI tool handles notifications; no direct network sockets opened |
| 命令执行 | WRITE | WRITE | ✓ 一致 | tmux + claude subprocess in start_claude.sh:25-26; subprocess.Popen in on_comple… |
| 环境变量 | READ | READ | ✓ 一致 | Reads CLAUDE_AGENT_CHAT_ID, CLAUDE_AGENT_CHANNEL, etc. in on_complete.py:43-68 |
| 剪贴板 | NONE | NONE | — | No clipboard access in any script |
| 浏览器 | NONE | NONE | — | No browser automation in any script |
| 数据库 | NONE | NONE | — | No database access in any script |
7 项发现
中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code INSTALL.md:8 中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/overview knowledge/UPDATE_PROTOCOL.md:28 中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/cli-usage knowledge/UPDATE_PROTOCOL.md:29 中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/settings knowledge/UPDATE_PROTOCOL.md:30 中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/hooks knowledge/UPDATE_PROTOCOL.md:31 中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/mcp knowledge/UPDATE_PROTOCOL.md:32 中危 外部 URL 外部 URL
https://docs.anthropic.com/en/docs/claude-code/memory knowledge/UPDATE_PROTOCOL.md:33 目录结构
22 文件 · 76.8 KB · 2472 行 Markdown 15f · 1978L
Python 1f · 246L
Shell 4f · 246L
Text 2f · 2L
├─
▾
hooks
│ ├─
on_complete.py
Python
│ ├─
pane_monitor.sh
Shell
│ ├─
start_claude.sh
Shell
│ └─
stop_claude.sh
Shell
├─
▾
knowledge
│ ├─
capabilities.md
Markdown
│ ├─
changelog.md
Markdown
│ ├─
config_schema.md
Markdown
│ ├─
features.md
Markdown
│ ├─
prompting_patterns.md
Markdown
│ └─
UPDATE_PROTOCOL.md
Markdown
├─
▾
references
│ └─
claude-code-reference.md
Markdown
├─
▾
scripts
│ └─
publish_clawhub.sh
Shell
├─
▾
state
│ ├─
last_updated.txt
Text
│ └─
version.txt
Text
├─
▾
workflows
│ ├─
knowledge_update.md
Markdown
│ └─
standard_task.md
Markdown
├─
CHANGELOG.md
Markdown
├─
INSTALL.md
Markdown
├─
README_EN.md
Markdown
├─
README.md
Markdown
├─
SECURITY.md
Markdown
└─
SKILL.md
Markdown
依赖分析 4 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
bash | user-installed | system | 否 | Shell interpreter required by scripts |
tmux | user-installed | system | 否 | Terminal multiplexer required for session management |
openclaw | user-installed | system | 否 | CLI tool for notifications and agent wake; used as command executor, not imported |
claude | user-installed | system | 否 | Claude Code CLI, the primary target of this wrapper skill |
安全亮点
✓ Uses only Python standard library (no external pip dependencies)
✓ SECURITY.md provides comprehensive hardening guidance
✓ Notification mode defaults to 'event' (minimal data disclosure)
✓ No credential harvesting or API key exfiltration
✓ All subprocess calls use the openclaw CLI tool (user-installed)
✓ No base64 encoding, eval(), or obfuscation techniques
✓ No remote script execution (curl|bash, wget|sh)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Clear separation: skill handles orchestration, Claude Code handles actual file operations
✓ Hardcoded fallback defaults prevent silent failures