Suspicious — Risk Score 45/100
Last scan: 23 hr ago
castreader
Read any web page aloud with natural AI voices. Extract article text from any URL and convert it to audio (MP3).
CastReader skill has undocumented network behavior, undeclared browser automation with anti-detection flags, and uses base64 audio processing that appears legitimate but warrants scrutiny.
Skill Name: castreader
Duration: 37.4s
Engine: pi
Use with caution
Add explicit network:READ and browser declarations to SKILL.md. Remove --disable-blink-features=AutomationControlled flag. Verify external API endpoint is trustworthy before granting network access.

Findings 5 items

Finding 1 (Medium, Doc Mismatch): Undeclared network requests to external API
All scripts communicate with api.castreader.ai:8123 for TTS services. SKILL.md only describes the URL extraction and audio generation workflow but never explicitly declares network:READ permission or the external API endpoint.
Evidence (scripts/read-url.js:51): await fetch(`${API_URL}/api/captioned_speech_partly`, { method: 'POST' })
Recommendation: Declare network:READ in SKILL.md metadata and document the external TTS API endpoint.

Finding 2 (Medium, Doc Mismatch): Undeclared Puppeteer browser automation
extract.js and read-aloud.js use Puppeteer to launch headless Chrome browsers and manipulate web pages. SKILL.md only mentions the 'read-url.js' and 'generate-text.js' scripts, omitting browser automation entirely.
Evidence (scripts/extract.js:42): const browser = await puppeteer.launch({ headless: true, args: ['--no-sandbox', '--disable-setuid-sandbox'] })
Recommendation: Declare browser:WRITE in SKILL.md and document Puppeteer usage for content extraction.

Finding 3 (Medium, Sensitive Access): Automation detection suppression flag
read-aloud.js passes --disable-blink-features=AutomationControlled to Chrome, which suppresses navigator.webdriver detection. While common for legitimate automation, this anti-detection technique is suspicious when combined with undeclared browser access.
Evidence (scripts/read-aloud.js:51): '--disable-blink-features=AutomationControlled'
Recommendation: Remove the anti-detection flag unless it is specifically required for legitimate extension testing.

Finding 4 (Low, Obfuscation): Base64 audio decoding in multiple scripts
Base64-encoded audio from the API response is decoded using Buffer.from(audioBase64, 'base64'). While this is legitimate for TTS APIs, the pattern matches high-risk obfuscation signatures and was flagged by pre-scan.
Evidence (scripts/generate-paragraph.js:94): audioChunks.push(Buffer.from(audioBase64, 'base64'))
Recommendation: This appears legitimate for TTS services but should be documented to avoid false-positive detection.

Finding 5 (Low, Doc Mismatch): Shell execution via subprocess not declared
read-url.js uses execFileSync to invoke extract.js as a child process. SKILL.md describes 'node scripts/read-url.js' but does not mention that it internally spawns another Node process.
Evidence (scripts/read-url.js:79): execFileSync('node', [extractScript, url], { encoding: 'utf-8' })
Recommendation: Document the internal script orchestration or refactor to use direct module imports.
Resource | Declared | Inferred | Status | Evidence
Network | NONE | READ | ✗ Violation | scripts/read-url.js:51 - POST to api.castreader.ai:8123
Filesystem | NONE | WRITE | ✗ Violation | scripts/read-url.js:82 - fs.writeFileSync
Shell | NONE | WRITE | ✗ Violation | scripts/read-url.js:79 - execFileSync('node', ...)
Browser | NONE | WRITE | ✗ Violation | scripts/read-aloud.js:43 - puppeteer.launch()
1 Critical · 1 High · 16 findings

Critical, Encoded Execution (Base64 encoded execution, code obfuscation): Buffer.from(audioBase64, 'base64' (scripts/generate-paragraph.js:94)
High, IP Address (hardcoded IP address): 131.0.0.0 (scripts/extract.js:42)
Medium, External URL: https://img.shields.io/badge/OpenClaw-Skill-blue (README.md:3)
Medium, External URL: https://clawhub.com/castreader (README.md:3)
Medium, External URL: https://img.shields.io/badge/License-MIT-green.svg (README.md:4)
Medium, External URL: https://img.shields.io/badge/platform-macOS%20%7C%20Linux%20%7C%20Windows-lightgrey (README.md:5)
Medium, External URL: https://en.wikipedia.org/wiki/Text-to-speech (README.md:46)
Medium, External URL: https://notion.so/my-page (README.md:99)
Medium, External URL: https://chromewebstore.google.com/detail/castreader-tts-reader/foammmkhpbeladledijkdljlechlclpb (README.md:102)
Medium, External URL: http://api.castreader.ai:8123 (README.md:134)
Medium, External URL: https://castreader.ai (README.md:161)
Medium, External URL: https://castreader.ai/openclaw (README.md:162)
Medium, External URL: https://microsoftedge.microsoft.com/addons/detail/niidajfbelfcgnkmnpcmdlioclhljaaj (README.md:164)
Medium, External URL: https://www.patreon.com/feross (package-lock.json:248)
Medium, External URL: https://feross.org/support (package-lock.json:252)
Medium, External URL: https://alistapart.com/blog/post/successful-or-unsuccessful-the-post-good-design-vocabulary/ (scripts/demo.js:58)

File Tree

11 files · 84.4 KB · 2592 lines
JSON: 2 files, 1222 lines · JavaScript: 6 files, 1028 lines · Markdown: 3 files, 342 lines
├─ 📁 references
│ └─ 📝 castreader-api.md Markdown 76L · 2.2 KB
├─ 📁 scripts
│ ├─ 📜 demo.js JavaScript 169L · 4.7 KB
│ ├─ 📜 extract.js JavaScript 87L · 2.3 KB
│ ├─ 📜 generate-paragraph.js JavaScript 155L · 4.6 KB
│ ├─ 📜 generate-text.js JavaScript 123L · 3.3 KB
│ ├─ 📜 read-aloud.js JavaScript 280L · 9.3 KB
│ └─ 📜 read-url.js JavaScript 214L · 6.2 KB
├─ 📋 package-lock.json JSON 1208L · 42.3 KB
├─ 📋 package.json JSON 14L · 391 B
├─ 📝 README.md Markdown 169L · 6.4 KB
└─ 📝 SKILL.md Markdown 97L · 2.8 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
puppeteer | ^23.0.0 | npm | No | Version not pinned; auto-updates to latest
crypto | builtin | Node.js | No | Standard library module

Security Positives

✓ No credential harvesting or environment variable theft detected
✓ No reverse shell, C2 communication, or data exfiltration patterns found
✓ Base64 usage is for legitimate TTS audio processing, not code obfuscation
✓ Hardcoded IP 131.0.0.0 is part of Chrome's internal UA string, not actual network contact
✓ All file operations confined to /tmp and skill directory
✓ No suspicious file downloads or supply chain indicators beyond unpinned versions