扫描报告
5 /100
skill-tester
OpenClaw Skill Testing Framework - 自动化测试技能质量,验证触发时机、功能正确性、性能指标对比
This is a legitimate OpenClaw skill testing framework that validates trigger patterns, functionality, and performance metrics for other skills. No malicious behavior detected.
可以安装
The skill is safe to use. Continue standard monitoring practices.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md requires.bins: [python3, bash] |
| 文件系统 | READ | READ | ✓ 一致 | test_trigger.py:22 - reads skill SKILL.md files |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md requires.packages: [pytest, requests] |
| 环境变量 | NONE | NONE | — | No access to environment variables detected |
1 项发现
提示 邮箱 邮箱地址
[email protected] SKILL.md:6 目录结构
5 文件 · 25.0 KB · 956 行 Python 3f · 370L
Markdown 1f · 348L
Shell 1f · 238L
├─
▾
scripts
│ ├─
test_comparison.py
Python
│ ├─
test_functionality.py
Python
│ ├─
test_runner.sh
Shell
│ └─
test_trigger.py
Python
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
pytest | latest | pip | 否 | Standard testing dependency, declared in SKILL.md |
requests | latest | pip | 否 | Used for HTTP API testing, declared in SKILL.md |
安全亮点
✓ All declared capabilities match actual implementation
✓ No credential harvesting or environment variable access
✓ No network exfiltration or suspicious outbound connections
✓ No base64 encoding/decoding or obfuscated code
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ Reports are written to /tmp/skill-tests with randomized filenames
✓ Subprocess usage is limited to testing framework functionality