中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
log-analyzer
Securely analyze system and application logs with automatic sensitive data redaction
A legitimate log analysis skill that reads from whitelisted sources and sanitizes sensitive data in output, with no undeclared functionality or malicious behavior.
Skill Namelog-analyzer
Duration25.2s
Enginepi
Safe to install
Approve for use. The skill performs as documented with appropriate access controls and data redaction.

Findings 1 items

Severity Finding Location
Low
Minor typo in code Doc Mismatch
Line 150 uses args.pattern instead of args.search, causing a NameError
print(f"Search: {args.pattern} — {len(results)} matches")
→ Change args.pattern to args.search
 scripts/analyzer.py:150
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned Only reads from ~/.local/share/local-rag/*.log paths
Shell WRITE WRITE ✓ Aligned Uses subprocess.run(['journalctl',...]) for openclaw logs
Network NONE NONE No network requests found
Environment NONE READ ✓ Aligned os.expanduser() only for path expansion

File Tree

2 files · 8.9 KB · 254 lines
Python 1f · 199L Markdown 1f · 55L
├─ 📁 scripts
│ └─ 🐍 analyzer.py Python 199L · 7.1 KB
└─ 📝 SKILL.md Markdown 55L · 1.8 KB

Security Positives

✓ Strict whitelist-based log source access (ALLOWED_SOURCES only)
✓ Comprehensive sensitive data redaction (tokens, keys, passwords, age keys)
✓ No network requests or data exfiltration
✓ No credential harvesting or environment variable enumeration
✓ No obfuscation techniques (no base64, eval, or dynamic code execution)
✓ No persistence mechanisms or startup hooks
✓ Timeout protection on journalctl subprocess (10 seconds)
✓ No arbitrary file access - only declared log paths