扫描报告
5 /100
workspace-trash
Soft-delete protection for workspace files — intercept file deletions and move them to a recoverable trash instead of permanent removal.
A straightforward workspace soft-delete utility with clear documentation, well-defined scope boundaries, and sound defensive practices against path traversal and code injection.
可以安装
No action needed. This skill is safe to use as documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md declares file write access under ~/.openclaw/; trash.sh moves/copies fi… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md declares 'mv', 'cp', 'rm', 'find'; all used appropriately for trash ope… |
| 环境变量 | NONE | READ | ✓ 一致 | Reads OPENCLAW_HOME and OPENCLAW_WORKSPACE from env; documented in SKILL.md; not… |
| 网络访问 | NONE | NONE | — | No network operations found |
| 技能调用 | NONE | NONE | — | No skill invocation chains |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
目录结构
2 文件 · 13.4 KB · 340 行 Shell 1f · 270L
Markdown 1f · 70L
├─
▾
scripts
│ └─
trash.sh
Shell
└─
SKILL.md
Markdown
安全亮点
✓ No base64-encoded or obfuscated code anywhere in the implementation
✓ No network requests, external IPs, or data exfiltration observed
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No external script downloads or curl|bash patterns
✓ No reverse shell, C2, or arbitrary code execution vectors
✓ All declared capabilities match actual usage — no doc-to-code mismatch
✓ Strong path traversal defense: symlinks are resolved before scope check (resolve_path + pwd -P)
✓ Injection prevention: all user data passed to Node.js via process.env, never string interpolation into node -e
✓ Flag safety: all mv/cp/rm calls use '--' separators to prevent filenames starting with '-'
✓ Scope lock restricts all operations to $OPENCLAW_HOME (~/.openclaw/) with explicit refusal of out-of-scope paths
✓ Manifest updates use atomic read-then-write pattern on a JSON file
✓ Cross-filesystem fallback (cp+rm) is a known and documented edge case, not hidden behavior
✓ The 'empty' action's rm -rf is clearly documented as irreversible and requires user confirmation
✓ No malicious dependencies; only Node.js built-ins (fs, path, child_process) are used
✓ No supply chain risks: no package.json/requirements.txt, only POSIX utilities and Node.js built-ins