Security scan
OpenClaw
Safe
high confidence
The skill's code and instructions align with its stated purpose (scanning a Vue2 project for dependency, Webpack, and Babel issues); it requires no credentials or installs and only reads typical project files and runs npm auditing commands.
Assessment recommendations
This skill appears coherent and limited to scanning a Vue2 project. Before running it: (1) review the included scripts yourself (they're small and bundled) to satisfy yourself they only access project files; (2) run them in a sandbox or CI environment if you are cautious — they call npm audit and npm list which may perform network calls; (3) ensure npm/node are installed in the environment where you run it; (4) be aware of some simplistic checks (e.g., core-js version parsing) that can cause fal...
✓ Purpose and capability
The name/description match the actual behavior: scripts check package.json, vue.config.js, babel.config.js and run npm audit/npm list to surface dependency and config issues. No unrelated credentials, binaries, or network endpoints are requested.
✓ Instruction scope
SKILL.md instructs running scripts from the project root. The scripts only read project files (package.json, vue.config.js, babel.config.js) and invoke local npm commands (npm list, npm audit). There are no hidden remote endpoints or attempts to read unrelated system files. Some checks use simplistic parsing (e.g., core-js version parsing), which may produce false positives, but this is a correctness/quality issue rather than malicious behavior.
✓ Install mechanism
No install spec: instruction-only with bundled shell scripts. Nothing is downloaded or written to disk by an installer. Risk surface is limited to executing the included scripts.
✓ Credential requirements
The skill requires no environment variables, no credentials, and no config paths beyond project files. It does run npm audit (which may access the network for audit data) but that is proportional to dependency scanning.
✓ Persistence and privileges
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. It runs only when invoked by the user/agent.
⚠ scripts/checks/check-webpack.sh:13
Dynamic code execution detected.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/7
Initial release of vue2-risk-scan.
- Automates scanning for common risks in Vue2 projects.
- Detects dependency security issues, Webpack configuration risks, and Babel configuration problems.
- Designed for use in daily development, CI checks, and AI automated diagnosis.
- Usage: run sh scripts/scan-vue2-risk.sh in your project root.
● Benign
Install command
Official: npx clawhub@latest install vue2-risk-scan
Mirror: npx clawhub@latest install vue2-risk-scan --registry https://cn.clawhub-mirror.com
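Skill documentation
Vue2 Project Risk Scan Skill
🧠 Skill description
This skill automatically scans a Vue2 project for potential risks, including:
- 📦 Dependency security (axios / npm audit, etc.)
- 🧱 Webpack configuration risks
- 🧬 Babel configuration issues
It is suitable for routine development self-checks, CI checks, and AI automated diagnosis.
🚀 Usage
Run from the project root: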
sh scripts/scan-vue2-risk.sh
Data source: ClawHub · Chinese localization: 龙虾技能库