Permission Footprint Reviewer
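v1.0.0
Maps out the permissions that a Skill, script, or workflow requires and proposes least-privilege alternatives. Use for permissions, least-privilege, security workflows; do not use for bypassing system security controls or generating privilege-escalation methods.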
byvx:17605205782@52yuanchangxing
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the package is an audit helper that reads local inputs and produces structured reports. Declared requirement (python3) is proportional; no unrelated env vars or credentials are requested.
Instruction Scope
SKILL.md and scripts instruct the agent to read provided files/dirs (or use templates) and produce audit reports. This is within scope. Note: the runtime script will read arbitrary files under any user-supplied path (recursively up to configured limits), so providing a root/system path will make it scan many files and potentially surface sensitive content — this is expected for an auditor but worth being mindful of.
Install Mechanism
No install spec; instruction-only with a local Python script. No downloads or external package installs are performed, minimizing install-time risk.
Credentials
No environment variables, credentials, or config paths are required. The script only reads user-supplied input paths and local resource files included in the skill.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. It can write its own output file when asked (normal behavior) but otherwise operates read-only unless the user requests writes.
Assessment
This skill appears to do what it claims: local, read-only auditing and structured recommendations. Before running: (1) inspect scripts/run.py yourself (it is included) and run with --dry-run to verify behavior; (2) avoid pointing the tool at system roots or directories with highly sensitive data unless you intend that scan; (3) prefer running in an isolated/sandbox workspace and review outputs before saving or sharing them; (4) remember the tool can write output files if you pass --output (omit or use --dry-run to avoid accidental writes).
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🪪 Clawdis
OS: macOS · Linux · Windows
Bins: python3
