command-guardian Security Report — Trusted | ClawSafe

5 /100

command-guardian

Preflight safety guard for shell and infrastructure commands

Command Guardian是一个合法的安全预检工具，仅对输入命令进行静态分析，风险评估与文档完全一致，无越权操作

Skill Namecommand-guardian

Duration36.5s

Enginepi

✓

Safe to install

该技能安全可用，allowed-tools映射合理，subprocess仅用于git信息查询

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`READ`	✓ Aligned	preflight.py读取命令输入并输出分析报告
Shell	`READ`	`READ`	✓ Aligned	guardlib.py:305 git_context()调用subprocess获取git信息
Environment	`READ`	`READ`	✓ Aligned	guardlib.py:108 resolve_path()使用os.path.expandenv/os.path.expanduser
Network	`NONE`	`NONE`	—	代码无任何网络请求
Database	`NONE`	`NONE`	—	代码无数据库操作

2 Critical 2 findings

💀

Critical Dangerous Command 危险 Shell 命令

curl | sh

SKILL.md:54

💀

Critical Dangerous Command 危险 Shell 命令

wget | bash

references/tool-patterns.md:30

File Tree

10 files · 36.7 KB · 1041 lines

Python 6f · 840L Markdown 3f · 193L YAML 1f · 8L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 8L · 300 B

├─ ▾ 📁 references

│ ├─ 📝 risk-rules.md Markdown 41L · 1.3 KB

│ └─ 📝 tool-patterns.md Markdown 42L · 1.4 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 classify_command.py Python 15L · 307 B

│ ├─ 🐍 guardlib.py Python 718L · 26.0 KB

│ ├─ 🐍 path_guard.py Python 17L · 466 B

│ ├─ 🐍 preflight.py Python 60L · 1.9 KB

│ ├─ 🐍 rollback_hints.py Python 15L · 317 B

│ └─ 🔑 secret_guard.py ⚠ Python 15L · 315 B

└─ 📝 SKILL.md Markdown 110L · 4.4 KB

✓ 文档完整清晰，所有声明的功能均有代码实现

✓ subprocess仅用于git rev-parse/status获取仓库上下文，不执行用户命令

✓ 无内联凭证收割、无远程脚本下载执行

✓ 工具仅为分析器，不对目标命令执行任何写入操作

✓ 权限声明(WRITE for filesystem)合理用于输出报告