by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill will make an HTTP GET to http://localhost:3456/api/bugs and display the returned JSON as a table. That is consistent with its purpose and it asks for no credentials or installs. Before using it, ensure you actually run a trusted BugPack server on port 3456 (otherwise requests will fail or hit an unexpected local service). If you are concerned about any agent making requests to localhost, restrict or review skill invocation settings — the skill will perform the network request when inv...详细分析 ▾
✓ 用途与能力
Name and description match the instructions. The skill's declared purpose (listing bugs) legitimately requires an HTTP GET to a BugPack server; no unrelated credentials, binaries, or config paths are requested.
✓ 指令范围
Runtime instructions are narrow and specific: call GET http://localhost:3456/api/bugs, parse JSON, and present results grouped by status. The instructions do not request reading files, other env vars, or sending data to external endpoints.
✓ 安装机制
No install spec or code files are present (instruction-only), so nothing is written to disk or installed.
✓ 凭证需求
No environment variables, credentials, or config paths are requested; the access requested (local HTTP endpoint) is proportional to the stated task.
✓ 持久化与权限
Skill is not always-enabled and does not request elevated or persistent privileges. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/18
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install bugpack-list-bugs
镜像加速npx clawhub@latest install bugpack-list-bugs --registry https://cn.longxiaskill.com