Trusted — Risk Score 5/100
Last scan: 1 day ago
pmos-search-menu-skill
Automates crawling the menu navigation paths of the Gansu Power Trading Platform (PMOS) website
This is a legitimate browser automation skill for navigating a Chinese power trading platform (PMOS) menu structure using the OpenClaw CLI. No malicious behavior detected.
Skill Name: pmos-search-menu-skill
Duration: 28.7s
Engine: pi
Safe to install
This skill is safe to use. The shell execution via execSync is a minor documentation gap but is consistent with OpenClaw framework usage.

Findings: 1 item

Severity: Low
Finding: Shell execution not documented in SKILL.md (Doc Mismatch)
Location: scripts/navigate-pmos.js:22
SKILL.md states only the 'browser' tool is used, but scripts execute shell commands via execSync to run openclaw CLI. This is partially mitigated by clawhub.json declaring 'exec' and 'process' as optional tools.
execSync(cmd, { encoding: 'utf-8', stdio: 'inherit' })
→ Update SKILL.md to document shell execution as it is necessary for invoking the openclaw CLI tool
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Browser | WRITE | WRITE | ✓ Aligned | SKILL.md line 48: '- `browser` - OpenClaw 浏览器控制工具' |
| Shell | NONE | WRITE | ✓ Aligned | scripts/navigate-pmos.js line 22: 'execSync(cmd, { encoding: 'utf-8', stdio: 'in… |
| Filesystem | NONE | NONE | | No file read/write operations in scripts |
| Network | READ | READ | ✓ Aligned | Only accesses the declared target URL https://pmos.gs.sgcc.com.cn/ |
4 findings
Medium, External URL: https://docs.openclaw.ai/tools/browser (README.md:90)
Medium, External URL: https://docs.openclaw.ai/cli/browser (README.md:91)
Medium, External URL: https://pmos.gs.sgcc.com.cn/ (SKILL.md:36)
Medium, External URL: https://pmos.gs.sgcc.com.cn/pxf-settlement-outnetpub/#/pxf-settlement-outnetpub/columnHomeLeftMenuNew (pmos-search-menu-skill/references/NAVIGATION_PATH.md:135)

File Tree

12 files · 38.1 KB · 1336 lines
Markdown 6f · 658L JavaScript 2f · 390L Shell 2f · 210L JSON 2f · 78L
├─ 📁 pmos-search-menu-skill
│ ├─ 📁 references
│ │ └─ 📝 NAVIGATION_PATH.md Markdown 135L · 4.0 KB
│ ├─ 📁 scripts
│ │ ├─ 📜 navigate-pmos.js JavaScript 195L · 5.4 KB
│ │ └─ 🔧 navigate-pmos.sh Shell 105L · 3.3 KB
│ ├─ 📋 clawhub.json JSON 39L · 856 B
│ ├─ 📝 README.md Markdown 95L · 2.8 KB
│ └─ 📝 SKILL.md Markdown 99L · 2.7 KB
├─ 📁 references
│ └─ 📝 NAVIGATION_PATH.md Markdown 135L · 4.0 KB
├─ 📁 scripts
│ ├─ 📜 navigate-pmos.js JavaScript 195L · 5.4 KB
│ └─ 🔧 navigate-pmos.sh Shell 105L · 3.3 KB
├─ 📋 clawhub.json JSON 39L · 856 B
├─ 📝 README.md Markdown 95L · 2.8 KB
└─ 📝 SKILL.md Markdown 99L · 2.7 KB

Security Positives

✓ No credential harvesting or sensitive data access
✓ No network exfiltration to external IPs
✓ No obfuscation techniques (base64, eval, etc.)
✓ No persistence mechanisms or scheduled tasks
✓ No supply chain risks detected
✓ All operations are focused on legitimate browser navigation
✓ No suspicious external URLs except the declared target (pmos.gs.sgcc.com.cn)