扫描报告
20 /100
Daily Report Skill
自动生成每日研究进展报告,并在指定时间推送给用户
A legitimate daily report generator with minor undeclared shell execution for status checking; no malicious indicators found.
可以安装
Document the execSync('openclaw status') call in SKILL.md and pin dependency versions for supply chain safety.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Undeclared shell execution for status check 文档欺骗 | generate.js:306 |
| 提示 | Accesses agent session directory 敏感访问 | generate.js:40 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ+WRITE | ✓ 一致 | generate.js:299 fs.writeFileSync for memory update |
| 命令执行 | NONE | READ | ✗ 越权 | generate.js:306 execSync('openclaw status') |
| 网络访问 | NONE | NONE | — | No network calls observed |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
4 文件 · 17.1 KB · 634 行 JavaScript 1f · 516L
Markdown 2f · 112L
JSON 1f · 6L
├─
config.json
⚠
JSON
├─
generate.js
JavaScript
├─
SKILL.md
Markdown
└─
template.md
Markdown
安全亮点
✓ No network requests or data exfiltration observed
✓ No obfuscation (base64, eval) or anti-analysis techniques
✓ No credential harvesting or environment variable theft
✓ No reverse shell, C2, or remote code execution
✓ File operations are directly related to the stated report generation feature
✓ No malicious dependencies or supply chain risks
✓ Memory updates are append-only and localized to the feature scope