ClawHub

pc operation security check

v1.0.0

个人电脑操作安全分类分级评估工具。当用户需要对电脑操作进行安全评估、风险分级、操作审计时使用。基于 PC-OCS v1.0 标准,支持本地操作和浏览器操作的风险评估。

0· 94·0 current·0 all-time
by@huaiyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim a PC operation risk assessment tool; the included SKILL.md describes classification logic and usage, and the only code (evaluate.sh) implements a keyword-based classifier consistent with that purpose. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md and the script confine operations to parsing user-provided operation descriptions and returning a risk level. They do not instruct the agent to read system files, environment variables, credentials, or transmit data externally. Note: the policy to default to a higher severity when uncertain is explicit and may increase false positives.
Install Mechanism
No install spec; this is instruction-only with a small bash script. Nothing is downloaded or written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths. The evaluation logic only uses the single command-line argument supplied at runtime.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system-wide configuration. It runs on-demand and does not store tokens or change agent settings.
Assessment
This skill is coherent and implements a simple, local keyword-based risk classifier (evaluate.sh) consistent with the SKILL.md. It does not contact external servers or request credentials, so running it locally is low-risk. Caveats: the classifier is heuristic (keyword matching) and may produce false positives or miss context-dependent risks; it defaults to a higher severity when unsure. If you plan to rely on this for automation or for organizational decisions, review and test the script on representative inputs, consider extending it with richer context analysis or logging, and incorporate organizational policies before using results as authoritative.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ctg4jy4yfejn805g0xvg4c983ht5m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments