daily-review-assistant Security Report — Trusted | ClawSafe

5 /100

daily-review-assistant

定时回顾更新助手。定时（中午 12 点、晚上 23:50）自动回顾今日工作，查漏补缺，更新记忆和知识库。

A legitimate daily review automation tool with clear documentation, standard shell scripts, and operations fully aligned with stated functionality. No malicious indicators found.

Skill Namedaily-review-assistant

Duration40.1s

Enginepi

✓

Safe to install

This skill is safe to use. All operations are documented and match the described functionality of a daily work review assistant.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	skill.sh:1 - Creates/updates MEMORY.md, daily logs, knowledge index files
Shell	`WRITE`	`WRITE`	✓ Aligned	skill.sh:1 - Uses bash for git commands and cron management
Network	`READ`	`READ`	✓ Aligned	scripts/knowledge-updater.sh:67 - git push to remote origin
Environment	`NONE`	`READ`	✓ Aligned	scripts/lib/config.sh:33-60 - Reads config from env vars
Skill Invoke	`NONE`	`NONE`	—	No skill invocation found
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

2 findings

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/daily-review-assistant

package.json:25

📧

Info Email 邮箱地址

[email protected]

docs/GIT_PUSH_STRATEGY.md:78

File Tree

12 files · 46.4 KB · 1432 lines

Shell 7f · 1002L Markdown 3f · 347L JSON 2f · 83L

├─ ▾ 📁 config

│ └─ 📋 config.example.json JSON 35L · 754 B

├─ ▾ 📁 docs

│ └─ 📝 GIT_PUSH_STRATEGY.md Markdown 84L · 1.5 KB

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 lib

│ │ └─ 🔧 config.sh Shell 143L · 5.2 KB

│ ├─ 🔧 gap-analyzer.sh Shell 181L · 6.1 KB

│ ├─ 🔧 install.sh Shell 77L · 4.0 KB

│ ├─ 🔧 knowledge-updater.sh Shell 138L · 5.0 KB

│ ├─ 🔧 memory-updater.sh Shell 144L · 4.1 KB

│ └─ 🔧 uninstall.sh Shell 61L · 2.6 KB

├─ 📋 package.json JSON 48L · 1.3 KB

├─ 📝 README.md Markdown 116L · 2.7 KB

├─ 📝 SKILL.md Markdown 147L · 4.2 KB

└─ 🔧 skill.sh Shell 258L · 9.0 KB

Security Positives

✓ All functionality explicitly declared in SKILL.md matches actual code behavior

✓ No base64 encoding, obfuscation, or anti-analysis techniques

✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)

✓ No external script downloads (curl|bash patterns)

✓ Pure shell implementation with no external dependencies

✓ Git operations scoped to configured workspace only

✓ Crontab manipulation clearly documented

✓ Graceful error handling prevents data corruption

Scan Report

File Tree

Security Positives