Scan Report
0/100
Felo LiveDoc
Manage knowledge bases (LiveDocs) and their resources via Felo API
Felo LiveDoc is a clean knowledge base management skill with no security issues—uses only standard Node.js built-ins, authenticates to a single declared API endpoint, and requires only declared environment variables.
Safe to install
No action needed. The skill is safe to use.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | scripts/run_livedoc.mjs:1 - Only reads files for upload operation, documented in… |
| Network access | READ | READ | ✓ Consistent | scripts/run_livedoc.mjs:3 - Only contacts https://openapi.felo.ai |
| Command execution | NONE | NONE | — | No shell execution found |
| Environment variables | READ | READ | ✓ Consistent | scripts/run_livedoc.mjs:1 - Reads FELO_API_KEY, declared in SKILL.md |
| Skill invocation | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
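1 high severity · 2 findings
High · API key · Suspected hard-coded credential
API_KEY="your-api-key-here" (README.md:38)
Medium · External URL · External URL
https://openapi.felo.ai (scripts/run_livedoc.mjs:6)
Directory structure
4 files · 23.9 KB · 636 lines
JavaScript: 1 file · 391 lines
Markdown: 2 files · 233 lines
JSON: 1 file · 12 lines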
├─ scripts
│  └─ run_livedoc.mjs (JavaScript)
├─ clawhub.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ Uses only Node.js built-in modules (fs, path) - no external dependencies
✓ Single, hardcoded API endpoint (https://openapi.felo.ai) - no dynamic host resolution
✓ No obfuscation or suspicious encoding patterns
✓ Clean, readable source code with no hidden functionality
✓ API key is used only for authentication with the legitimate Felo API
✓ No credential harvesting or data exfiltration
✓ No file writes, only reads for the declared upload feature
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)