typescript-package-manager 安全扫描报告 — 可信 | ClawSafe

0 /100

typescript-package-manager

Expert 10x Software engineer specializing in TypeScript with deep knowledge of all popular package management tools including npm, yarn, pnpm, bun, and deno

A legitimate TypeScript package management knowledge skill with reference scripts that generate configuration templates and installation instructions. No malicious patterns found.

技能名称typescript-package-manager

分析耗时39.5s

引擎pi

✓

可以安装

No action required. The skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	SKILL.md does not declare filesystem access; scripts read only local project fil…
网络访问	`NONE`	`NONE`	—	No network requests made; curl patterns are printed as user instructions, not ex…
命令执行	`NONE`	`NONE`	—	Scripts use execSync only for local diagnostics (version checks, tool detection)…
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

2 严重 50 项发现

💀

严重危险命令危险 Shell 命令

curl -fsSL https://bun.sh/install | bash

scripts/bun-workflow.js:195

💀

严重危险命令危险 Shell 命令

curl -fsSL https://get.pnpm.io/install.sh | sh

scripts/pnpm-workflow.md:51

🔗

中危外部 URL 外部 URL

https://yourwebsite.com

assets/package-json-template.md:25

🔗

中危外部 URL 外部 URL

https://docs.npmjs.com/cli/v9/configuring-npm/package-json

assets/package-json-template.md:521

🔗

中危外部 URL 外部 URL

https://nodejs.org/api/packages.html

assets/package-json-template.md:522

🔗

中危外部 URL 外部 URL

https://www.typescriptlang.org/docs/handbook/module-resolution.html

assets/package-json-template.md:523

🔗

中危外部 URL 外部 URL

https://www.typescriptlang.org/docs/handbook/integrating-with-build-tools.html

references/integration-with-build-tools.md:13

🔗

中危外部 URL 外部 URL

https://vitejs.dev/guide/

references/integration-with-build-tools.md:614

🔗

中危外部 URL 外部 URL

https://webpack.js.org/concepts/

references/integration-with-build-tools.md:615

🔗

中危外部 URL 外部 URL

https://esbuild.github.io/

references/integration-with-build-tools.md:616

🔗

中危外部 URL 外部 URL

https://turbo.build/repo/docs

references/integration-with-build-tools.md:617

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Npm

references/package-management.md:13

🔗

中危外部 URL 外部 URL

https://pnpm.io/

references/package-management.md:45

🔗

中危外部 URL 外部 URL

https://semver.org/

references/package-management.md:96

🔗

中危外部 URL 外部 URL

https://registry.company.com

references/package-management.md:214

🔗

中危外部 URL 外部 URL

https://npm.company.com

references/package-management.md:217

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/APT_(software

references/package-management.md:285

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/DNF_(software

references/package-management.md:286

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Zypp

references/package-management.md:287

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Homebrew_(package_manager

references/package-management.md:288

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Pip_(package_manager

references/package-management.md:292

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Rust_(programming_language

references/package-management.md:293

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Apache_Maven

references/package-management.md:294

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Conda_(package_manager

references/package-management.md:295

🔗

中危外部 URL 外部 URL

https://pdm-project.org/en/latest/

references/package-management.md:301

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Open_Container_Initiative

references/package-management.md:306

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Flatpak

references/package-management.md:307

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/Snap_(software

references/package-management.md:308

🔗

中危外部 URL 外部 URL

https://en.wikipedia.org/wiki/AppImage

references/package-management.md:309

🔗

中危外部 URL 外部 URL

https://flox.dev/blog/package-managers-and-package-management-a-guide-for-the-perplexed/

references/package-management.md:313

🔗

中危外部 URL 外部 URL

https://hub.flox.dev/packages

references/package-management.md:315

🔗

中危外部 URL 外部 URL

https://docs.docker.com/build/building/best-practices/

references/package-management.md:316

🔗

中危外部 URL 外部 URL

https://bun.sh/docs/runtime/bunfig

scripts/bun-workflow.js:120

🔗

中危外部 URL 外部 URL

https://registry.myorg.com/

scripts/bun-workflow.js:134

🔗

中危外部 URL 外部 URL

https://bun.sh/install

scripts/bun-workflow.js:195

🔗

中危外部 URL 外部 URL

https://bun.sh/docs

scripts/bun-workflow.md:5

🔗

中危外部 URL 外部 URL

https://npm.mycompany.com/

scripts/bun-workflow.md:361

🔗

中危外部 URL 外部 URL

https://www.typescriptlang.org/tsconfig/

scripts/health-check.md:6

🔗

中危外部 URL 外部 URL

https://www.typescriptlang.org/docs/handbook/declaration-files/do-s-and-don-ts.html

scripts/health-check.md:7

🔗

中危外部 URL 外部 URL

https://docs.npmjs.com/

scripts/npm-workflow.md:5

🔗

中危外部 URL 外部 URL

https://get.pnpm.io/install.ps1

scripts/pnpm-workflow.md:48

🔗

中危外部 URL 外部 URL

https://get.pnpm.io/install.sh

scripts/pnpm-workflow.md:51

🔗

中危外部 URL 外部 URL

https://npm.company.com/

scripts/pnpm-workflow.md:308

🔗

中危外部 URL 外部 URL

https://pnpm.io/cli/add

scripts/pnpm-workflow.md:692

🔗

中危外部 URL 外部 URL

https://pnpm.io/workspaces

scripts/pnpm-workflow.md:693

🔗

中危外部 URL 外部 URL

https://pnpm.io/benchmarks

scripts/pnpm-workflow.md:695

🔗

中危外部 URL 外部 URL

https://yarnpkg.com/

scripts/yarn-workflow.md:5

🔗

中危外部 URL 外部 URL

https://yarnpkg.com/getting-started/migration

scripts/yarn-workflow.md:827

🔗

中危外部 URL 外部 URL

https://yarnpkg.com/features/pnp

scripts/yarn-workflow.md:829

🔗

中危外部 URL 外部 URL

https://yarnpkg.com/features/workspaces

scripts/yarn-workflow.md:830

目录结构

13 文件 · 164.8 KB · 6923 行

Markdown 10f · 5899L JavaScript 3f · 1024L

├─ ▾ 📁 assets

│ ├─ 📝 package-json-template.md Markdown 523L · 10.3 KB

│ └─ 📝 package-manager-comparison.md Markdown 289L · 8.6 KB

├─ ▾ 📁 references

│ ├─ 📝 integration-with-build-tools.md Markdown 617L · 10.3 KB

│ └─ 📝 package-management.md Markdown 316L · 8.5 KB

├─ ▾ 📁 scripts

│ ├─ 📜 bun-workflow.js JavaScript 383L · 13.4 KB

│ ├─ 📝 bun-workflow.md Markdown 682L · 13.4 KB

│ ├─ 📜 health-check.js JavaScript 313L · 12.9 KB

│ ├─ 📝 health-check.md Markdown 947L · 26.0 KB

│ ├─ 📜 npm-workflow.js JavaScript 328L · 12.4 KB

│ ├─ 📝 npm-workflow.md Markdown 692L · 13.9 KB

│ ├─ 📝 pnpm-workflow.md Markdown 695L · 11.6 KB

│ └─ 📝 yarn-workflow.md Markdown 830L · 13.6 KB

└─ 📝 SKILL.md Markdown 308L · 9.9 KB

安全亮点

✓ Self-contained scripts with no external dependencies

✓ All shell usage (execSync) is limited to safe local diagnostics: version checks, tool detection, file existence

✓ curl|bash patterns in bun-workflow.js are printed as migration instructions via console.log(), not executed

✓ curl|sh patterns in markdown files are documentation, not executable code

✓ No credential harvesting, no API key access, no environment variable enumeration

✓ No base64 encoding, no obfuscation, no anti-analysis techniques

✓ Scripts read only local project files (package.json, tsconfig.json) when present, no sensitive path access

✓ No network exfiltration or C2 communication patterns

✓ Skill is purely knowledge/reference with template-generating scripts