workwork 安全扫描报告 — 可信 | ClawSafe

5 /100

workwork

Academic review writer and formatting assistant for Chinese academic papers

This is a legitimate academic document processing skill with properly declared filesystem and network access for reference checking and document generation. No malicious behavior detected.

技能名称workwork

分析耗时40.6s

引擎pi

✓

可以安装

This skill is safe to use for its documented purpose of academic paper validation and formatting.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md declares file reading for markdown input
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares report generation and file output
网络访问	`READ`	`READ`	✓ 一致	api.crossref.org calls for reference verification are documented
命令执行	`WRITE`	`WRITE`	✓ 一致	Auto-open functionality uses subprocess, declared in docs

2 项发现

🔗

中危外部 URL 外部 URL

http://schemas.openxmlformats.org/wordprocessingml/2006/main

scripts/extract_ref_format.py:20

🔗

中危外部 URL 外部 URL

https://api.crossref.org/works?query=

scripts/literature_integrity_checker.py:299

目录结构

25 文件 · 221.1 KB · 6621 行

Python 14f · 4131L Markdown 7f · 1818L JavaScript 2f · 530L YAML 1f · 88L JSON 1f · 54L

├─ ▾ 📁 references

│ ├─ 📝 features_checklist.md Markdown 464L · 11.7 KB

│ └─ 📝 workflow_guide.md Markdown 415L · 11.1 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 analyze_citation_pattern.py Python 224L · 8.1 KB

│ ├─ 🐍 check_duplicate_citations.py Python 130L · 4.3 KB

│ ├─ 📜 create_word_doc_v3.js JavaScript 175L · 4.3 KB

│ ├─ 📜 create_word_with_superscript.js JavaScript 355L · 9.4 KB

│ ├─ 🐍 document_format_checker.py Python 544L · 19.8 KB

│ ├─ 🐍 extract_and_fix_references.py Python 118L · 3.3 KB

│ ├─ 🐍 extract_ref_format.py Python 34L · 889 B

│ ├─ 🐍 filter_references.py Python 116L · 3.3 KB

│ ├─ 🐍 literature_integrity_checker_auto_open.py Python 361L · 13.8 KB

│ ├─ 🐍 literature_integrity_checker.py Python 520L · 20.5 KB

│ ├─ 🐍 merge_duplicate_citations_in_paragraphs.py Python 188L · 6.3 KB

│ ├─ 🐍 reference_accuracy_checker.py Python 468L · 16.7 KB

│ ├─ 🐍 reference_formatter.py Python 474L · 17.6 KB

│ ├─ 🐍 simple_verify.py Python 96L · 2.8 KB

│ ├─ 🐍 typo_grammar_checker.py Python 396L · 13.8 KB

│ └─ 🐍 unified_checker.py Python 462L · 16.4 KB

├─ ▾ 📁 templates

│ └─ 📋 ref_format_default.yml YAML 88L · 2.3 KB

├─ 📝 CHANGELOG.md Markdown 170L · 4.8 KB

├─ 📋 package.json JSON 54L · 1.8 KB

├─ 📝 README.md Markdown 214L · 6.5 KB

├─ 📝 SKILL.md Markdown 476L · 18.1 KB

├─ 📝 test_sample_with_errors.md Markdown 22L · 587 B

└─ 📝 test_sample.md Markdown 57L · 2.8 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`docx`	`^9.6.1`	npm	否	Standard document generation library
`pyyaml`	`*`	pip	否	For configuration file parsing
`python-docx`	`*`	pip	否	Optional, for Word document manipulation

安全亮点

✓ No credential harvesting or environment variable access

✓ No base64 encoded commands or obfuscated payloads

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No remote code execution patterns (curl|bash, wget|sh)

✓ No data exfiltration or C2 communications

✓ No reverse shell capabilities

✓ All subprocess/network operations are documented and relevant to the skill's purpose

✓ Uses standard libraries (urllib, subprocess) with legitimate academic document processing

✓ No hidden functionality - all capabilities match documentation