扫描报告
0 /100
WhatsApp Whitelist Skill (Word Trigger)
Manages whitelist sets of phone numbers and sends WhatsApp messages via OpenClaw CLI
Legitimate WhatsApp whitelist management skill that correctly uses filesystem:WRITE for local JSON storage and shell:WRITE for the openclaw CLI, with no undeclared behavior, network access, credential harvesting, or data exfiltration.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | word-trigger.js:18-31 creates data directory and JSON files |
| 命令执行 | WRITE | WRITE | ✓ 一致 | word-trigger.js:65-71 uses execFile to run openclaw CLI commands |
| 网络访问 | NONE | NONE | — | No HTTP requests or socket connections in codebase |
| 环境变量 | NONE | NONE | — | No os.environ access or credential file reads |
| 技能调用 | NONE | NONE | — | No skill recursion or inter-skill calls |
目录结构
2 文件 · 13.8 KB · 458 行 JavaScript 1f · 401L
Markdown 1f · 57L
├─
SKILL.md
Markdown
└─
word-trigger.js
JavaScript
安全亮点
✓ No HTTP requests or external network connectivity
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64, eval, or shell injection vectors
✓ No curl|bash or wget|sh remote script execution
✓ Filesystem writes are scoped to local data/ directory only
✓ Phone number validation prevents injection
✓ Set name validation prevents path traversal
✓ All operations are declared in SKILL.md