pmos-search-menu-skill 安全扫描报告 — 可信 | ClawSafe

5 /100

pmos-search-menu-skill

自动化爬取甘肃电力交易平台（PMOS）网站的菜单导航路径

This is a legitimate browser automation skill for navigating a Chinese power trading platform (PMOS) menu structure using the OpenClaw CLI. No malicious behavior detected.

技能名称pmos-search-menu-skill

分析耗时28.7s

引擎pi

✓

可以安装

This skill is safe to use. The shell execution via execSync is a minor documentation gap but is consistent with OpenClaw framework usage.

安全发现 1 项

严重性	安全发现	位置
低危	Shell execution not documented in SKILL.md 文档欺骗 SKILL.md states only the 'browser' tool is used, but scripts execute shell commands via execSync to run openclaw CLI. This is partially mitigated by clawhub.json declaring 'exec' and 'process' as optional tools. `execSync(cmd, { encoding: 'utf-8', stdio: 'inherit' })` → Update SKILL.md to document shell execution as it is necessary for invoking the openclaw CLI tool	`scripts/navigate-pmos.js:22`

资源类型	声明权限	推断权限	状态	证据
浏览器	`WRITE`	`WRITE`	✓ 一致	SKILL.md line 48: '- `browser` - OpenClaw 浏览器控制工具'
命令执行	`NONE`	`WRITE`	✓ 一致	scripts/navigate-pmos.js line 22: 'execSync(cmd, { encoding: 'utf-8', stdio: 'in…
文件系统	`NONE`	`NONE`	—	No file read/write operations in scripts
网络访问	`READ`	`READ`	✓ 一致	Only accesses the declared target URL https://pmos.gs.sgcc.com.cn/

4 项发现

🔗

中危外部 URL 外部 URL

https://docs.openclaw.ai/tools/browser

README.md:90

🔗

中危外部 URL 外部 URL

https://docs.openclaw.ai/cli/browser

README.md:91

🔗

中危外部 URL 外部 URL

https://pmos.gs.sgcc.com.cn/

SKILL.md:36

🔗

中危外部 URL 外部 URL

https://pmos.gs.sgcc.com.cn/pxf-settlement-outnetpub/#/pxf-settlement-outnetpub/columnHomeLeftMenuNew

pmos-search-menu-skill/references/NAVIGATION_PATH.md:135

目录结构

12 文件 · 38.1 KB · 1336 行

Markdown 6f · 658L JavaScript 2f · 390L Shell 2f · 210L JSON 2f · 78L

├─ ▾ 📁 pmos-search-menu-skill

│ ├─ ▾ 📁 references

│ │ └─ 📝 NAVIGATION_PATH.md Markdown 135L · 4.0 KB

│ ├─ ▾ 📁 scripts

│ │ ├─ 📜 navigate-pmos.js JavaScript 195L · 5.4 KB

│ │ └─ 🔧 navigate-pmos.sh Shell 105L · 3.3 KB

│ ├─ 📋 clawhub.json JSON 39L · 856 B

│ ├─ 📝 README.md Markdown 95L · 2.8 KB

│ └─ 📝 SKILL.md Markdown 99L · 2.7 KB

├─ ▾ 📁 references

│ └─ 📝 NAVIGATION_PATH.md Markdown 135L · 4.0 KB

├─ ▾ 📁 scripts

│ ├─ 📜 navigate-pmos.js JavaScript 195L · 5.4 KB

│ └─ 🔧 navigate-pmos.sh Shell 105L · 3.3 KB

├─ 📋 clawhub.json JSON 39L · 856 B

├─ 📝 README.md Markdown 95L · 2.8 KB

└─ 📝 SKILL.md Markdown 99L · 2.7 KB

安全亮点

✓ No credential harvesting or sensitive data access

✓ No network exfiltration to external IPs

✓ No obfuscation techniques (base64, eval, etc.)

✓ No persistence mechanisms or scheduled tasks

✓ No supply chain risks detected

✓ All operations are focused on legitimate browser navigation

✓ No suspicious external URLs except the declared target (pmos.gs.sgcc.com.cn)