bupahua-store Security Report — Trusted | ClawSafe

0 /100

bupahua-store

不怕花商城商品搜索助手

The skill is a legitimate product search tool for a Chinese e-commerce store with no malicious behavior detected.

Skill Namebupahua-store

Duration20.0s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	SKILL.md does not require filesystem access
Network	`READ`	`READ`	✓ Aligned	Scripts/search.py:58-71 makes POST request to bupahua.com API
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:211 runs python3 scripts/search.py
Environment	`NONE`	`READ`	✓ Aligned	Scripts/search.py:67-70 reads configuration from .env

14 findings

🔗

Medium External URL 外部 URL

https://bupahua.com/Api

.env:2

🔗

Medium External URL 外部 URL

https://bupahua.com

SKILL.md:26

🔗

Medium External URL 外部 URL

https://bupahua.com/product/

SKILL.md:80

🔗

Medium External URL 外部 URL

https://bupahua.com/hot

SKILL.md:98

🔗

Medium External URL 外部 URL

https://bupahua.com/product/595

SKILL.md:130

🔗

Medium External URL 外部 URL

https://bupahua.com/product/550

SKILL.md:135

🔗

Medium External URL 外部 URL

https://bupahua.com/product/428

SKILL.md:140

🔗

Medium External URL 外部 URL

https://bupahua.com/product/677

SKILL.md:157

🔗

Medium External URL 外部 URL

https://bupahua.com/Api/Search/searches

SKILL.md:189

🔗

Medium External URL 外部 URL

https://bupahua.com/Api/Claw/searches

scripts/search.py:4

🔗

Medium External URL 外部 URL

https://bupahua.com/Data/UploadFiles/product/2025-06-13/small_1749783147327810.jpg

scripts/search.py:200

🔗

Medium External URL 外部 URL

https://bupahua.com/Data/UploadFiles/product/2025-04-19/1745060657848558.jpg

scripts/search.py:208

🔗

Medium External URL 外部 URL

https://bupahua.com/Data/UploadFiles/product/2025-03-30/1743335494851297.jpg

scripts/search.py:216

🔗

Medium External URL 外部 URL

https://bupahua.com/Data/UploadFiles/product/2025-03-05/1741139160565676.jpg

scripts/search.py:224

File Tree

4 files · 21.0 KB · 613 lines

Python 1f · 368L Markdown 2f · 241L Other 1f · 4L

├─ ▾ 📁 scripts

│ └─ 🐍 search.py Python 368L · 14.4 KB

├─ 🔑 .env ⚠ 4L · 124 B

├─ 📝 README.md Markdown 9L · 461 B

└─ 📝 SKILL.md Markdown 232L · 6.0 KB

Security Positives

✓ Clean codebase with no obfuscation or suspicious code patterns

✓ API calls are declared in SKILL.md and match implementation

✓ Credentials are scoped to skill directory only (~/.openclaw/skills/bupahua-store/)

✓ No credential exfiltration - API key is only used for authentication

✓ No network calls to unknown IPs or suspicious endpoints

✓ No base64 encoding, eval(), or dynamic code execution

✓ No sensitive path access (~/.ssh, ~/.aws, etc.)

✓ No reverse shell, C2, or data theft patterns

✓ Mock search mode available for testing without real API calls

Scan Report

File Tree

Security Positives