by 安全扫描
OpenClaw
安全
high confidenceThe skill's files and instructions match its stated purpose (parsing JSON/JSONL logs into a dossier); it has no network calls or secret requirements and appears internally consistent aside from a small metadata omission about requiring Node to run the included script.
评估建议
This skill appears coherent and runs entirely on files you provide. Before installing/using: ensure your agent environment has Node.js available (SKILL.md expects to run node), only pass intended evidence files (do not feed secrets or unrelated system files), and review the generated dossier against raw lines as the skill itself recommends. There are no network calls or hidden endpoints in the code, but exercise standard caution about what files you hand to any automated processor.详细分析 ▾
ℹ 用途与能力
The skill is an incident-dossier generator and includes a JS script that parses JSON/JSONL evidence and emits a Markdown report — this matches the name and description. One minor inconsistency: SKILL.md instructs running the script with node, but the registry metadata lists no required binaries; the script therefore implicitly requires a Node.js runtime that is not declared.
✓ 指令范围
SKILL.md restricts actions to parsing provided evidence files and producing an output dossier. It explicitly instructs the agent to invoke the included script with explicit --input paths and an --out path and includes guardrails (do not fabricate timestamps, verify raw lines). There are no instructions to read unrelated system files or environment variables.
✓ 安装机制
There is no install spec (instruction-only skill plus a local script). No downloads, remote installs, or archive extraction are present. The only runtime requirement is executing the provided Node.js script locally.
✓ 凭证需求
The skill declares no environment variables, credentials, or config paths, and the code does not access environment secrets. It only reads files supplied as inputs and writes the output file.
✓ 持久化与权限
always is false and the skill does not request persistent or elevated privileges, nor does it modify other skills or global agent configuration. It only creates the specified output file.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/20
Initial release
● 无害
安装命令 点击复制
官方npx clawhub@latest install incident-dossier
镜像加速npx clawhub@latest install incident-dossier --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制