xiaolongxia-workflow 安全扫描报告 — 可信 | ClawSafe

0 /100

xiaolongxia-workflow

分层任务分解与执行工作流 - Hierarchical task decomposition and execution workflow

This is a legitimate Python-based hierarchical task workflow system with no malicious behavior, obfuscation, or credential harvesting. All functionality aligns with documented behavior.

技能名称xiaolongxia-workflow

分析耗时53.8s

引擎pi

✓

可以安装

This skill is safe to use. It provides task decomposition, project management, and workflow execution capabilities with standard Python libraries only.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`WRITE`	✓ 一致	Creates project directories at configured paths
网络访问	`NONE`	`READ`	✓ 一致	SMTP email sending, disabled by default
命令执行	`NONE`	`NONE`	—	Git subprocess only for backup_manager.py backup functionality
环境变量	`NONE`	`NONE`	—	No environment variable access
技能调用	`NONE`	`NONE`	—	No skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

3 项发现

🔗

中危外部 URL 外部 URL

https://docs.openclaw.ai

clawhub.json:10

📧

提示邮箱邮箱地址

[email protected]

scripts/email_reporter.py:47

📧

提示邮箱邮箱地址

[email protected]

scripts/email_reporter.py:543

目录结构

20 文件 · 281.1 KB · 7965 行

Python 14f · 7373L Markdown 2f · 475L JSON 4f · 117L

├─ ▾ 📁 config

│ └─ 📋 workflow_config.json JSON 40L · 872 B

├─ ▾ 📁 references

│ └─ 📝 workflow_overview.md Markdown 203L · 9.1 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 backup_manager.py Python 640L · 25.2 KB

│ ├─ 🐍 demo_integrated.py Python 291L · 10.4 KB

│ ├─ 🐍 email_reporter.py Python 634L · 22.4 KB

│ ├─ 🐍 email_sender.py Python 521L · 17.8 KB

│ ├─ 🐍 error_classifier.py Python 478L · 18.6 KB

│ ├─ 🐍 progress_tracker.py Python 979L · 37.9 KB

│ ├─ 🐍 project_manager.py Python 505L · 15.7 KB

│ ├─ 🐍 robust_executor.py Python 392L · 14.7 KB

│ ├─ 🐍 run_workflow.py Python 285L · 9.8 KB

│ ├─ 🐍 step_decomposer.py Python 846L · 30.6 KB

│ ├─ 🐍 step_executor.py Python 646L · 21.7 KB

│ ├─ 🐍 task_analyzer.py Python 333L · 11.2 KB

│ └─ 🐍 template_engine.py Python 538L · 16.1 KB

├─ ▾ 📁 tests

│ └─ 🐍 test_basic.py Python 285L · 9.7 KB

├─ 📋 clawhub.json JSON 50L · 1.4 KB

├─ 📋 package.json JSON 6L · 237 B

├─ 📋 skill.json JSON 21L · 645 B

└─ 📝 SKILL.md Markdown 272L · 7.0 KB

安全亮点

✓ Pure Python implementation using only standard library - no external dependencies

✓ All functionality clearly documented in SKILL.md with no hidden features

✓ Email sending disabled by default with no exfiltration

✓ Git operations limited to backup_manager.py for legitimate backup purposes

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No obfuscation techniques (base64, eval, atob) detected

✓ No reverse shell, C2 communication, or data theft patterns

✓ No supply chain risks - all code is self-contained

✓ Configuration-based design with no hardcoded credentials

✓ Well-structured code with proper error handling and logging