Name: web-reader Security Report — Trusted | ClawSafe
Item: web-reader
Rating: 95
Author: ClawSafe

This report was generated in Chinese. Some content may be in Chinese.

5 /100

web-reader

智能网页阅读器 - 抓取文章/下载视频并归档，支持分析、摘要、衍生

标准网页抓取工具，功能与文档一致，无恶意行为或敏感操作

Skill Nameweb-reader

Duration45.2s

Enginepi

ClawHub Web Reader v0.2.0 by alexxxiong

📥 314 📦 3

ClawHub Verdict Suspicious dynamic_code_execution

✓

Safe to install

无需操作，可安全使用

Findings 2 items

Severity	Finding	Location
Info	subprocess调用未在文档显式声明 Doc Mismatch SKILL.md描述使用CLI工具但未明确说明通过subprocess执行，代码实际通过subprocess.run调用scrapling/yt-dlp `subprocess.run(cmd_md, capture_output=True, text=True, timeout=60)` → 文档可补充说明：'通过subprocess调用scrapling CLI实现'	`lib/article.py:42`
Info	读取用户配置文件 Sensitive Access 代码读取~/.claude/web-reader.json配置归档目录 `~/.claude/web-reader.json` → 属正常配置读取，符合功能需求	`SKILL.md:15`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	lib/article.py:48 os.makedirs + write
Network	`READ`	`READ`	✓ Aligned	lib/article.py:227 urllib.request
Shell	`WRITE`	`WRITE`	✓ Aligned	lib/article.py:42 subprocess.run(["scrapling"...])

15 findings

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/s/xxx

README.md:49

🔗

Medium External URL 外部 URL

https://b23.tv/xxx

README.md:55

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn...

SKILL.md:53

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/

SKILL.md:157

🔗

Medium External URL 外部 URL

https://mmbiz\.qpic\.cn[^

lib/article.py:200

🔗

Medium External URL 外部 URL

https://www.toutiao.com/

lib/article.py:237

🔗

Medium External URL 外部 URL

http://www.apache.org/licenses/LICENSE-2.0

lib/readability.js:8

🔗

Medium External URL 外部 URL

http://code.google.com/p/arc90labs-readability

lib/readability.js:19

🔗

Medium External URL 外部 URL

https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType

lib/readability.js:103

🔗

Medium External URL 外部 URL

https://en.wikipedia.org/wiki/Comma#Comma_variants

lib/readability.js:145

🔗

Medium External URL 外部 URL

https://schema.org/Article

lib/readability.js:147

🔗

Medium External URL 外部 URL

http://mobile.slate.com

lib/readability.js:992

🔗

Medium External URL 外部 URL

https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/Content_categories#Phrasing_content

lib/readability.js:1708

🔗

Medium External URL 外部 URL

https://searchfox.org/mozilla-central/rev/f82d5c549f046cb64ce5602bfd894b7ae807c8f8/accessible/generic/TableAccessible.cp...

lib/readability.js:1924

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/...

references/platforms.md:10

File Tree

12 files · 120.4 KB · 3443 lines

JavaScript 1f · 2314L Python 7f · 726L Markdown 4f · 403L

├─ ▾ 📁 lib

│ ├─ 🐍 __init__.py Python 0 B

│ ├─ 🐍 article.py Python 311L · 11.0 KB

│ ├─ 🐍 feishu.py Python 182L · 6.2 KB

│ ├─ 📜 readability.js JavaScript 2314L · 82.1 KB

│ ├─ 🐍 router.py Python 72L · 2.7 KB

│ ├─ 🐍 utils.py Python 20L · 635 B

│ └─ 🐍 video.py Python 59L · 1.7 KB

├─ ▾ 📁 references

│ ├─ 📝 extending.md Markdown 85L · 2.6 KB

│ └─ 📝 platforms.md Markdown 82L · 2.8 KB

├─ 🐍 fetcher.py Python 82L · 3.1 KB

├─ 📝 README.md Markdown 60L · 1.3 KB

└─ 📝 SKILL.md Markdown 176L · 6.3 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`scrapling`	`*`	pip	No	无版本锁定
`yt-dlp`	`*`	pip	No	无版本锁定
`camoufox`	`*`	pip	No	无版本锁定
`html2text`	`*`	pip	No	无版本锁定

Security Positives

✓ 代码结构清晰，模块化设计良好

✓ 无凭证收割或数据外泄行为

✓ 无远程代码执行或反连行为

✓ 无base64编码或混淆代码

✓ 无访问敏感路径(~/.ssh, .env等)

✓ 仅依赖已知安全库(scrapling, yt-dlp, html2text, camoufox)

Scan Report

Findings 2 items

File Tree

Dependencies 4 items

Security Positives