xiaolongxia-workflow Security Report — Trusted | ClawSafe

0 /100

xiaolongxia-workflow

分层任务分解与执行工作流 - Hierarchical task decomposition and execution workflow

This is a legitimate Python-based hierarchical task workflow system with no malicious behavior, obfuscation, or credential harvesting. All functionality aligns with documented behavior.

Skill Namexiaolongxia-workflow

Duration53.8s

Enginepi

✓

Safe to install

This skill is safe to use. It provides task decomposition, project management, and workflow execution capabilities with standard Python libraries only.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`WRITE`	✓ Aligned	Creates project directories at configured paths
Network	`NONE`	`READ`	✓ Aligned	SMTP email sending, disabled by default
Shell	`NONE`	`NONE`	—	Git subprocess only for backup_manager.py backup functionality
Environment	`NONE`	`NONE`	—	No environment variable access
Skill Invoke	`NONE`	`NONE`	—	No skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

3 findings

🔗

Medium External URL 外部 URL

https://docs.openclaw.ai

clawhub.json:10

📧

Info Email 邮箱地址

[email protected]

scripts/email_reporter.py:47

📧

Info Email 邮箱地址

[email protected]

scripts/email_reporter.py:543

File Tree

20 files · 281.1 KB · 7965 lines

Python 14f · 7373L Markdown 2f · 475L JSON 4f · 117L

├─ ▾ 📁 config

│ └─ 📋 workflow_config.json JSON 40L · 872 B

├─ ▾ 📁 references

│ └─ 📝 workflow_overview.md Markdown 203L · 9.1 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 backup_manager.py Python 640L · 25.2 KB

│ ├─ 🐍 demo_integrated.py Python 291L · 10.4 KB

│ ├─ 🐍 email_reporter.py Python 634L · 22.4 KB

│ ├─ 🐍 email_sender.py Python 521L · 17.8 KB

│ ├─ 🐍 error_classifier.py Python 478L · 18.6 KB

│ ├─ 🐍 progress_tracker.py Python 979L · 37.9 KB

│ ├─ 🐍 project_manager.py Python 505L · 15.7 KB

│ ├─ 🐍 robust_executor.py Python 392L · 14.7 KB

│ ├─ 🐍 run_workflow.py Python 285L · 9.8 KB

│ ├─ 🐍 step_decomposer.py Python 846L · 30.6 KB

│ ├─ 🐍 step_executor.py Python 646L · 21.7 KB

│ ├─ 🐍 task_analyzer.py Python 333L · 11.2 KB

│ └─ 🐍 template_engine.py Python 538L · 16.1 KB

├─ ▾ 📁 tests

│ └─ 🐍 test_basic.py Python 285L · 9.7 KB

├─ 📋 clawhub.json JSON 50L · 1.4 KB

├─ 📋 package.json JSON 6L · 237 B

├─ 📋 skill.json JSON 21L · 645 B

└─ 📝 SKILL.md Markdown 272L · 7.0 KB

Security Positives

✓ Pure Python implementation using only standard library - no external dependencies

✓ All functionality clearly documented in SKILL.md with no hidden features

✓ Email sending disabled by default with no exfiltration

✓ Git operations limited to backup_manager.py for legitimate backup purposes

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No obfuscation techniques (base64, eval, atob) detected

✓ No reverse shell, C2 communication, or data theft patterns

✓ No supply chain risks - all code is self-contained

✓ Configuration-based design with no hardcoded credentials

✓ Well-structured code with proper error handling and logging

Scan Report

File Tree

Security Positives