Scan Report
0 /100
share2getnote
Parse ChatGPT or Gemini shared conversation links and save Q&A pairs as notes to GetNote (biji.com)
This is a legitimate ChatGPT/Gemini share link parser that uses Playwright for web scraping, with declared subprocess usage for browser installation. No malicious behavior detected.
Safe to install
Approve for use. The skill performs standard web scraping functionality with properly declared dependencies and workflows.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | Only accesses Playwright browser cache (~/.cache/ms-playwright, line 385-387) |
| Network | READ | READ | ✓ Aligned | Uses Playwright to fetch ChatGPT/Gemini share URLs (lines 323-340) |
| Shell | WRITE | WRITE | ✓ Aligned | subprocess.run for Playwright install (lines 388-397), declared in SKILL.md Step… |
| Environment | NONE | NONE | — | No environment variable access |
| Browser | READ | READ | ✓ Aligned | Playwright chromium.launch with headless=True (lines 324-328) |
1 High 12 findings
High IP Address 硬编码 IP 地址
131.0.0.0 scripts/parse_share.py:265 Medium External URL 外部 URL
https://chatgpt.com/share/* SKILL.md:22 Medium External URL 外部 URL
https://chat.openai.com/share/* SKILL.md:23 Medium External URL 外部 URL
https://gemini.google.com/share/* SKILL.md:24 Medium External URL 外部 URL
https://g.co/gemini/share/* SKILL.md:25 Medium External URL 外部 URL
https://docs.astral.sh/uv/getting-started/installation/ SKILL.md:39 Medium External URL 外部 URL
https://clawhub.ai/iswalle/getnote SKILL.md:48 Medium External URL 外部 URL
https://chatgpt.com/share/...\n scripts/parse_share.py:355 Medium External URL 外部 URL
https://chatgpt.com/s/t_...\n scripts/parse_share.py:356 Medium External URL 外部 URL
https://chat.openai.com/share/...\n scripts/parse_share.py:357 Medium External URL 外部 URL
https://gemini.google.com/share/...\n scripts/parse_share.py:358 Medium External URL 外部 URL
https://g.co/gemini/share/... scripts/parse_share.py:359 File Tree
3 files · 19.1 KB · 574 lines Python 1f · 443L
Markdown 1f · 130L
Text 1f · 1L
├─
▾
scripts
│ ├─
parse_share.py
Python
│ └─
requirements.txt
Text
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
playwright | >=1.40.0 | pip | No | Version pinned with minimum requirement |
Security Positives
✓ All network operations target declared platforms (chatgpt.com, gemini.google.com)
✓ subprocess usage is declared in SKILL.md workflow (Step 3)
✓ Playwright browser install is a one-time setup, not runtime behavior
✓ No credential harvesting or environment variable access
✓ No data exfiltration to external servers
✓ Output is JSON to stdout, suitable for piping to downstream skill
✓ Hardcoded IP at line 265 is a false positive - it's Chrome/131.0.0.0 version string in User-Agent
✓ No base64, eval, or obfuscated code patterns
✓ Dependencies are pinned (playwright>=1.40.0)