habitat-gs-navigator 安全扫描报告 — 可信 | ClawSafe

5 /100

habitat-gs-navigator

Navigate and interact with photo-realistic 3DGS environments via the Habitat-GS Bridge

This skill is a pure-documentation wrapper around the habitat-gs-bridge CLI for 3D scene navigation. No executable code is present; all declared capabilities (local bridge server, CLI tool invocations, memory logging) are documented and benign.

技能名称habitat-gs-navigator

分析耗时25.1s

引擎pi

✓

可以安装

No action needed. This skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md line 72: connects to http://127.0.0.1:8890 (bridge server)
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md: runs hab-cli CLI commands (status, load_scene, reset, step, observe, p…
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md: writes episode logs to ~/.openclaw/workspace/memory/YYYY-MM-DD.md

2 项发现

🔗

中危外部 URL 外部 URL

http://127.0.0.1:8890

SKILL.md:72

🔗

中危外部 URL 外部 URL

http://other-host:8890

references/api-reference.md:85

目录结构

3 文件 · 6.9 KB · 239 行

Markdown 3f · 239L

├─ ▾ 📁 references

│ ├─ 📝 api-reference.md Markdown 91L · 2.4 KB

│ └─ 📝 setup.md Markdown 61L · 1.3 KB

└─ 📝 SKILL.md Markdown 87L · 3.2 KB

安全亮点

✓ No executable code files present — skill is pure documentation

✓ All resource access is explicitly documented in SKILL.md

✓ Network target is localhost:8890 only (local bridge server, no external exfiltration path)

✓ Shell execution is limited to well-defined CLI tool invocations (hab-cli)

✓ No base64, eval, obfuscation, or anti-analysis patterns detected

✓ No credential harvesting, environment variable iteration, or sensitive path access

✓ No data exfiltration, C2 communication, or reverse shell behavior

✓ Memory logging path (~/.openclaw/workspace/memory/) is declared and benign