Agent Notify 安全扫描报告 — 可信 | ClawSafe

5 /100

Agent Notify

Cross-platform notification sound and taskbar flash for AI coding agents

Agent Notify is a legitimate, well-documented notification utility for AI coding agents. All behavior — shell execution, file writes, agent config modification — is explicitly declared in SKILL.md. No malicious patterns, credential access, data exfiltration, or obfuscation observed.

技能名称Agent Notify

分析耗时43.8s

引擎pi

✓

可以安装

No action required. This skill is safe to use.

安全发现 3 项

严重性	安全发现	位置
低危	Overly broad trigger keywords 文档欺骗 The skill defines 26 Chinese and English trigger keywords (e.g., '提示音', 'notify', 'beep', 'bell'). While expansive, this is a common pattern for skill engines and is clearly documented with no security impact. `triggers: ["提示音", "通知提醒", ..., "notification setup"]` → Consider narrowing trigger keywords if false activations become problematic. This is a UX concern, not a security issue.	`skill.md:1`
低危	Missing Windows script file 供应链 SKILL.md references scripts/notify-windows.ps1 and the README project structure lists it, but the file is not present in the package. If a user selects Windows during quick setup, the installation would fail or attempt an incomplete configuration. `cp "<skill_dir>/scripts/notify-windows.ps1" "$AGENT_HOME/notify.ps1"` → Add the missing notify-windows.ps1 script or remove Windows from supported platforms in the documentation.	`skill.md:88`
提示	No dependency pinning 供应链 The skill relies on external tools (jq, python3, paplay, aplay, pw-play, notify-send, afplay) without pinning versions. These are standard OS-level tools, not package dependencies, so this is low risk. `if command -v jq &>/dev/null; then` → No action required. These are system binaries, not pip/npm packages.	`scripts/notify-linux.sh, scripts/notify-macos.sh:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	skill.md:3 — 'Skill definition' with full install/uninstall instructions for fil…
命令执行	`WRITE`	`WRITE`	✓ 一致	skill.md:3 — PowerShell/bash execution explicitly documented for OS detection, s…
网络访问	`NONE`	`NONE`	—	No network operations in any script
环境变量	`NONE`	`NONE`	—	No environment variable access in any script
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access
技能调用	`NONE`	`NONE`	—	No cross-skill invocation

3 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-GPLv3-blue.svg

README.md:7

🔗

中危外部 URL 外部 URL

https://www.gnu.org/licenses/gpl-3.0

README.md:7

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/Platform-Windows%20%7C%20macOS%20%7C%20Linux-brightgreen.svg

README.md:8

目录结构

5 文件 · 21.5 KB · 759 行

Markdown 2f · 588L Shell 2f · 148L JSON 1f · 23L

├─ ▾ 📁 config

│ └─ 📋 default.json JSON 23L · 427 B

├─ ▾ 📁 scripts

│ ├─ 🔧 notify-linux.sh Shell 76L · 2.1 KB

│ └─ 🔧 notify-macos.sh Shell 72L · 2.1 KB

├─ 📝 README.md Markdown 165L · 4.2 KB

└─ 📝 skill.md Markdown 423L · 12.7 KB

安全亮点

✓ All file operations are explicitly declared in SKILL.md with exact commands and file paths

✓ Agent config modification uses safe merge strategy — never overwrites existing settings

✓ No credential harvesting, API key access, or sensitive path traversal

✓ No base64 encoding, eval, or obfuscated execution patterns

✓ No network requests or data exfiltration endpoints

✓ Scripts use graceful fallbacks for missing tools (e.g., jq→python3, paplay→aplay→pw-play)

✓ Uninstall function properly cleans all created files and settings entries

✓ OS detection via uname is non-destructive and read-only

✓ Config parsing uses standard JSON libraries with no shell injection vectors