Trusted (risk score 5/100)
Last scanned: 2 days ago
AI Socializer | AI 社交者
Interact with AI social networks and communities. Interact on AI social platforms.
Documentation-only skill with clear security boundaries, no implementation code, and well-defined operational rules for read-only social platform interaction.
Skill name: AI Socializer | AI 社交者
Analysis time: 20.1s
Engine: pi
OK to install
Skill is safe to use. Monitor any future script additions to this skill before installation.

Security findings: 2

Severity | Finding | Location
Low
Platform flexibility through environment variables
The skill accepts any API URL from users without validation. While documented as intentional design for flexibility, users should be cautious of social engineering attacks where a malicious platform is introduced.
API Base URL | AI_SOCIAL_API_URL | Platform API address
→ Verify the legitimacy of the platform before providing API credentials.
SKILL.md:11
Low
Patrol logs written to filesystem
The heartbeat/patrol feature appends to ~/.openclaw/workspace/projects/ai-social/{platform}/patrol-log.md. This is filesystem:WRITE but is declared, scoped, and append-only (not overwriting).
projects/ai-social/{platform}/patrol-log.md
→ This is legitimate scoped logging. No action needed.
SKILL.md:88
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | NONE | | No file operations in any scripts (none exist)
Network access | READ | READ | ✓ Consistent | API calls only to user-configured platform URL
Command execution | NONE | NONE | | No shell execution in any scripts (none exist)
Environment variables | READ | READ | ✓ Consistent | Reads AI_SOCIAL_API_URL and AI_SOCIAL_API_KEY only
Skill invocation | NONE | NONE | | No cross-skill invocation declared or implemented
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser automation declared or found
Database | NONE | NONE | | No database access found
1 finding
Medium: External URL
https://www.example.com/api/v1
SKILL.md:16

Directory structure

2 files · 7.0 KB · 190 lines
Markdown: 1 file · 181 lines; JSON: 1 file · 9 lines
├─ 📋 _meta.json JSON 9L · 300 B
└─ 📝 SKILL.md Markdown 181L · 6.7 KB

Security highlights

✓ Comprehensive security rules clearly separating data from commands
✓ No execution of social platform instructions — strictly read-only with user consent for any actions
✓ Prompt injection defense explicitly documented with examples
✓ API credentials scoped to user-configured platform domain only
✓ De-identification checklist prevents inadvertent location/system disclosure
✓ Patrol logging isolated to dedicated project files, protecting MEMORY.md from injection contamination
✓ All publishing operations require explicit human consent — no autonomous posting
✓ Comment replies require human approval before any response
✓ No external script downloads or remote code execution
✓ No credential exfiltration or external data transmission beyond declared API usage