ChangeBrief 安全扫描报告 — 可信 | ClawSafe

5 /100

ChangeBrief

Change intelligence skill that compares previous and current knowledge snapshots to surface important additions, changed claims, stale conclusions, conflicts, and immediate priorities

ChangeBrief is a pure text-diff intelligence library with no network, shell, credential, or exfiltration capabilities whatsoever.

技能名称ChangeBrief

分析耗时43.6s

引擎pi

✓

可以安装

No action needed. This skill is safe to approve and use.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	src/index.js:47 — fs.readFileSync(filePath, 'utf-8') on user-supplied --before-f…
网络访问	`NONE`	`NONE`	—	No network calls found in any file
命令执行	`NONE`	`NONE`	—	scripts/publish.sh only runs 'clawhub publish' CLI with declared args
环境变量	`NONE`	`NONE`	—	No os.environ access anywhere in codebase
技能调用	`NONE`	`NONE`	—	No cross-skill invocation code present
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

目录结构

12 文件 · 43.8 KB · 1432 行

JavaScript 3f · 923L Markdown 5f · 433L JSON 2f · 58L Shell 1f · 14L YAML 1f · 4L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 4L · 406 B

├─ ▾ 📁 bin

│ └─ 📜 cli.js JavaScript 113L · 3.1 KB

├─ ▾ 📁 references

│ └─ 📝 change-signals.md Markdown 55L · 1.5 KB

├─ ▾ 📁 scripts

│ └─ 🔧 publish.sh Shell 14L · 646 B

├─ ▾ 📁 src

│ └─ 📜 index.js JavaScript 737L · 22.1 KB

├─ ▾ 📁 test

│ └─ 📜 test.js JavaScript 73L · 2.9 KB

├─ 📝 CHANGELOG.md Markdown 25L · 1.2 KB

├─ 📋 clawhub.json JSON 19L · 557 B

├─ 📋 package.json JSON 39L · 1.0 KB

├─ 📝 README.md Markdown 127L · 3.4 KB

├─ 📝 RELEASE.md Markdown 62L · 1.7 KB

└─ 📝 SKILL.md Markdown 164L · 5.3 KB

安全亮点

✓ No network requests or external data transfers in any file

✓ No shell execution, subprocess, or command injection vectors

✓ No credential, API key, or token harvesting — not even environment variable iteration

✓ No obfuscation (no base64, no atob, no eval patterns)

✓ Filesystem access limited strictly to user-supplied input file paths

✓ Zero runtime npm dependencies — only Node.js built-in modules (fs, assert)

✓ MIT license with clear, auditable codebase of 737 lines

✓ SKILL.md accurately reflects the actual implementation with no hidden functionality

✓ scripts/publish.sh is a simple version-tagged publish workflow calling only the clawhub CLI

✓ No cron jobs, startup hooks, or persistence mechanisms

✓ No sensitive file access (~/.ssh, ~/.aws, .env, .git-credentials)