中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:1 天前 重新扫描
10 /100
Workspace Heartbeat Integration
将 workspace HEARTBEAT.md 与 self-improving heartbeat-state 同步,自动记录工作成果并更新长期记忆
A legitimate workspace heartbeat synchronization tool that uses only Python standard library with no suspicious behavior, credential access, network requests, or obfuscation. All file operations are scoped to declared workspace paths.
技能名称Workspace Heartbeat Integration
分析耗时26.3s
引擎pi
可以安装
This skill is safe to use. No security concerns identified. The hardcoded /root/.openclaw/workspace path is intentional and matches the skill's purpose.
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md declares workspace memory/ write access; integration.py lines 60-75 imp…
网络访问 NONE NONE No network requests in integration.py - uses only standard library
命令执行 NONE NONE No subprocess or shell execution in Python code
环境变量 NONE NONE No os.environ iteration or credential harvesting
技能调用 NONE NONE No cross-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser tool usage
数据库 NONE NONE No database access
1 项发现
🔗
中危 外部 URL 外部 URL
https://clawhub.ai/skills/workspace-heartbeat-integration
skill.json:6

目录结构

6 文件 · 19.7 KB · 604 行
Python 2f · 350L Markdown 1f · 171L Shell 1f · 71L JSON 1f · 11L Text 1f · 1L
├─ 📁 source
│ └─ 🐍 integration.py Python 229L · 8.2 KB
├─ 📁 tests
│ └─ 🐍 test_basic.py Python 121L · 3.8 KB
├─ 🔧 install.sh Shell 71L · 2.3 KB
├─ 📄 requirements.txt Text 1L · 62 B
├─ 📋 skill.json JSON 11L · 447 B
└─ 📝 SKILL.md Markdown 171L · 4.8 KB

依赖分析 1 项

包名版本来源已知漏洞备注
None (standard library only) N/A pip No external dependencies - uses only json, os, datetime, pathlib, sys, re

安全亮点

✓ Uses only Python standard library (json, os, datetime, pathlib) - no external dependencies
✓ All file operations scoped to declared workspace paths (~/.openclaw/workspace)
✓ No network requests or data exfiltration
✓ No credential harvesting or environment variable iteration
✓ No obfuscation, base64 encoding, or eval() usage
✓ Well-documented SKILL.md with clear architecture and examples
✓ Comprehensive unit tests with tempfile isolation
✓ Idempotent operations prevent duplicate log entries
✓ Thread-safe with file locks mentioned in documentation