Trusted, risk score 0/100
Last scanned: 2 days ago
share2getnote
Parse ChatGPT or Gemini shared conversation links and save Q&A pairs as notes to GetNote (biji.com)
This is a legitimate ChatGPT/Gemini share link parser that uses Playwright for web scraping, with declared subprocess usage for browser installation. No malicious behavior detected.
Skill name: share2getnote
Analysis time: 34.1s
Engine: pi
Safe to install
Approve for use. The skill performs standard web scraping functionality with properly declared dependencies and workflows.
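| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | READ | ✓ Consistent | Only accesses Playwright browser cache (~/.cache/ms-playwright, lines 385-387) |
| Network access | READ | READ | ✓ Consistent | Uses Playwright to fetch ChatGPT/Gemini share URLs (lines 323-340) |
| Command execution | WRITE | WRITE | ✓ Consistent | subprocess.run for Playwright install (lines 388-397), declared in SKILL.md Step… |
| Environment variables | NONE | NONE | | No environment variable access |
| Browser | READ | READ | ✓ Consistent | Playwright chromium.launch with headless=True (lines 324-328) |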
1 high severity, 12 findings

| Severity | Type | Value | Location |
|---|---|---|---|
| High | Hardcoded IP address | `131.0.0.0` | scripts/parse_share.py:265 |
| Medium | External URL | `https://chatgpt.com/share/*` | SKILL.md:22 |
| Medium | External URL | `https://chat.openai.com/share/*` | SKILL.md:23 |
| Medium | External URL | `https://gemini.google.com/share/*` | SKILL.md:24 |
| Medium | External URL | `https://g.co/gemini/share/*` | SKILL.md:25 |
| Medium | External URL | `https://docs.astral.sh/uv/getting-started/installation/` | SKILL.md:39 |
| Medium | External URL | `https://clawhub.ai/iswalle/getnote` | SKILL.md:48 |
| Medium | External URL | `https://chatgpt.com/share/...\n` | scripts/parse_share.py:355 |
| Medium | External URL | `https://chatgpt.com/s/t_...\n` | scripts/parse_share.py:356 |
| Medium | External URL | `https://chat.openai.com/share/...\n` | scripts/parse_share.py:357 |
| Medium | External URL | `https://gemini.google.com/share/...\n` | scripts/parse_share.py:358 |
| Medium | External URL | `https://g.co/gemini/share/...` | scripts/parse_share.py:359 |

Directory structure

3 files · 19.1 KB · 574 lines
Python 1f · 443L Markdown 1f · 130L Text 1f · 1L
├─ 📁 scripts
│ ├─ 🐍 parse_share.py Python 443L · 15.3 KB
│ └─ 📄 requirements.txt Text 1L · 19 B
└─ 📝 SKILL.md Markdown 130L · 3.8 KB

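Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| playwright | >=1.40.0 | pip | | Version pinned with minimum requirement |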

Security highlights

✓ All network operations target declared platforms (chatgpt.com, gemini.google.com)
✓ subprocess usage is declared in SKILL.md workflow (Step 3)
✓ Playwright browser install is a one-time setup, not runtime behavior
✓ No credential harvesting or environment variable access
✓ No data exfiltration to external servers
✓ Output is JSON to stdout, suitable for piping to downstream skill
✓ Hardcoded IP at line 265 is a false positive - it's Chrome/131.0.0.0 version string in User-Agent
✓ No base64, eval, or obfuscated code patterns
✓ Dependencies are pinned (playwright>=1.40.0)