log-analyzer 安全扫描报告 — 可信 | ClawSafe

5 /100

log-analyzer

Securely analyze system and application logs with automatic sensitive data redaction

A legitimate log analysis skill that reads from whitelisted sources and sanitizes sensitive data in output, with no undeclared functionality or malicious behavior.

技能名称log-analyzer

分析耗时25.2s

引擎pi

✓

可以安装

Approve for use. The skill performs as documented with appropriate access controls and data redaction.

安全发现 1 项

严重性	安全发现	位置
低危	Minor typo in code 文档欺骗 Line 150 uses args.pattern instead of args.search, causing a NameError `print(f"Search: {args.pattern} — {len(results)} matches")` → Change args.pattern to args.search	`scripts/analyzer.py:150`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	Only reads from ~/.local/share/local-rag/*.log paths
命令执行	`WRITE`	`WRITE`	✓ 一致	Uses subprocess.run(['journalctl',...]) for openclaw logs
网络访问	`NONE`	`NONE`	—	No network requests found
环境变量	`NONE`	`READ`	✓ 一致	os.expanduser() only for path expansion

目录结构

2 文件 · 8.9 KB · 254 行

Python 1f · 199L Markdown 1f · 55L

├─ ▾ 📁 scripts

│ └─ 🐍 analyzer.py Python 199L · 7.1 KB

└─ 📝 SKILL.md Markdown 55L · 1.8 KB

安全亮点

✓ Strict whitelist-based log source access (ALLOWED_SOURCES only)

✓ Comprehensive sensitive data redaction (tokens, keys, passwords, age keys)

✓ No network requests or data exfiltration

✓ No credential harvesting or environment variable enumeration

✓ No obfuscation techniques (no base64, eval, or dynamic code execution)

✓ No persistence mechanisms or startup hooks

✓ Timeout protection on journalctl subprocess (10 seconds)

✓ No arbitrary file access - only declared log paths