扫描报告
5 /100
cal-candy
Local markdown-based calendar management
Benign markdown-based calendar CLI with no security issues - only performs declared local filesystem operations.
可以安装
No action needed. This is a legitimate calendar management tool.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ/WRITE | READ/WRITE | ✓ 一致 | SKILL.md declares calendar storage in ~/.openclaw/workspace/calendar/ |
1 项发现
提示 邮箱 邮箱地址
[email protected] SKILL.md:4 目录结构
2 文件 · 18.9 KB · 600 行 Python 1f · 511L
Markdown 1f · 89L
├─
▾
scripts
│ └─
mdcal.py
Python
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
rich | * | pip | 否 | Used for terminal formatting only, version not pinned |
安全亮点
✓ Clean codebase with only standard library imports plus 'rich'
✓ All operations are local - no network requests whatsoever
✓ Data stored only in designated calendar directory (~/.openclaw/workspace/calendar/)
✓ No credential access or environment variable harvesting for sensitive data
✓ No shell execution or subprocess calls
✓ No base64, eval, or other code execution patterns
✓ No hidden functionality - implementation matches documentation exactly