Scan Report
10 /100
Workspace Heartbeat Integration
将 workspace HEARTBEAT.md 与 self-improving heartbeat-state 同步,自动记录工作成果并更新长期记忆
A legitimate workspace heartbeat synchronization tool that uses only Python standard library with no suspicious behavior, credential access, network requests, or obfuscation. All file operations are scoped to declared workspace paths.
Safe to install
This skill is safe to use. No security concerns identified. The hardcoded /root/.openclaw/workspace path is intentional and matches the skill's purpose.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares workspace memory/ write access; integration.py lines 60-75 imp… |
| Network | NONE | NONE | — | No network requests in integration.py - uses only standard library |
| Shell | NONE | NONE | — | No subprocess or shell execution in Python code |
| Environment | NONE | NONE | — | No os.environ iteration or credential harvesting |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser tool usage |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://clawhub.ai/skills/workspace-heartbeat-integration skill.json:6 File Tree
6 files · 19.7 KB · 604 lines Python 2f · 350L
Markdown 1f · 171L
Shell 1f · 71L
JSON 1f · 11L
Text 1f · 1L
├─
▾
source
│ └─
integration.py
Python
├─
▾
tests
│ └─
test_basic.py
Python
├─
install.sh
Shell
├─
requirements.txt
Text
├─
skill.json
JSON
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
None (standard library only) | N/A | pip | No | No external dependencies - uses only json, os, datetime, pathlib, sys, re |
Security Positives
✓ Uses only Python standard library (json, os, datetime, pathlib) - no external dependencies
✓ All file operations scoped to declared workspace paths (~/.openclaw/workspace)
✓ No network requests or data exfiltration
✓ No credential harvesting or environment variable iteration
✓ No obfuscation, base64 encoding, or eval() usage
✓ Well-documented SKILL.md with clear architecture and examples
✓ Comprehensive unit tests with tempfile isolation
✓ Idempotent operations prevent duplicate log entries
✓ Thread-safe with file locks mentioned in documentation