中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:23 hr ago Rescan
5 /100
ChangeBrief
Change intelligence skill that compares previous and current knowledge snapshots to surface important additions, changed claims, stale conclusions, conflicts, and immediate priorities
ChangeBrief is a pure text-diff intelligence library with no network, shell, credential, or exfiltration capabilities whatsoever.
Skill NameChangeBrief
Duration43.6s
Enginepi
Safe to install
No action needed. This skill is safe to approve and use.
ResourceDeclaredInferredStatusEvidence
Filesystem NONE READ ✓ Aligned src/index.js:47 — fs.readFileSync(filePath, 'utf-8') on user-supplied --before-f…
Network NONE NONE No network calls found in any file
Shell NONE NONE scripts/publish.sh only runs 'clawhub publish' CLI with declared args
Environment NONE NONE No os.environ access anywhere in codebase
Skill Invoke NONE NONE No cross-skill invocation code present
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No database access

File Tree

12 files · 43.8 KB · 1432 lines
JavaScript 3f · 923L Markdown 5f · 433L JSON 2f · 58L Shell 1f · 14L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 406 B
├─ 📁 bin
│ └─ 📜 cli.js JavaScript 113L · 3.1 KB
├─ 📁 references
│ └─ 📝 change-signals.md Markdown 55L · 1.5 KB
├─ 📁 scripts
│ └─ 🔧 publish.sh Shell 14L · 646 B
├─ 📁 src
│ └─ 📜 index.js JavaScript 737L · 22.1 KB
├─ 📁 test
│ └─ 📜 test.js JavaScript 73L · 2.9 KB
├─ 📝 CHANGELOG.md Markdown 25L · 1.2 KB
├─ 📋 clawhub.json JSON 19L · 557 B
├─ 📋 package.json JSON 39L · 1.0 KB
├─ 📝 README.md Markdown 127L · 3.4 KB
├─ 📝 RELEASE.md Markdown 62L · 1.7 KB
└─ 📝 SKILL.md Markdown 164L · 5.3 KB

Security Positives

✓ No network requests or external data transfers in any file
✓ No shell execution, subprocess, or command injection vectors
✓ No credential, API key, or token harvesting — not even environment variable iteration
✓ No obfuscation (no base64, no atob, no eval patterns)
✓ Filesystem access limited strictly to user-supplied input file paths
✓ Zero runtime npm dependencies — only Node.js built-in modules (fs, assert)
✓ MIT license with clear, auditable codebase of 737 lines
✓ SKILL.md accurately reflects the actual implementation with no hidden functionality
✓ scripts/publish.sh is a simple version-tagged publish workflow calling only the clawhub CLI
✓ No cron jobs, startup hooks, or persistence mechanisms
✓ No sensitive file access (~/.ssh, ~/.aws, .env, .git-credentials)