project-intro-generator 安全扫描报告 — 低风险 | ClawSafe

15 /100

project-intro-generator

一键生成项目介绍页，支持本地编辑和长图导出

A legitimate project intro page generator that performs standard file system scanning and optional network calls for GitHub API and package registries. No malicious behavior detected.

技能名称project-intro-generator

分析耗时48.0s

引擎pi

✓

可以安装

No action required. Consider documenting the GitHub API network call in SKILL.md for transparency.

安全发现 5 项

严重性	安全发现	位置
低危	GitHub API call not documented 文档欺骗 src/github.js makes HTTPS requests to GitHub API (api.github.com) to fetch repository metadata, but this is not declared in SKILL.md or skill.json. `https://api.github.com/repos/${owner}/${repo}` → Document network:READ access for GitHub API integration in SKILL.md	`src/github.js:9`
低危	Shell execution not documented 文档欺骗 src/git.js uses child_process.execSync to run 'git clone' for remote repository support, which requires shell:WRITE. This is not declared in allowed tools. execSync(`git clone --depth 1 ${gitUrl} ${tempDir}`) → Document shell:WRITE access for git clone support in SKILL.md	`src/git.js:15`
低危	Browser automation not documented 文档欺骗 src/image.js uses playwright to launch a Chromium browser for screenshot generation. This uses browser:WRITE which is not declared. `playwright.chromium.launch({ headless: true })` → Document browser:WRITE access for screenshot export feature in SKILL.md	`src/image.js:11`
提示	Project directory scanning is appropriate 敏感访问 src/analyzer.js scans the provided project path for README files, package.json, and code structure. Files over 512KB are skipped. node_modules and other common ignore dirs are excluded. `if (IGNORE_DIRS.has(entry.name)) continue` → No action needed - behavior is appropriate for the stated purpose	`src/analyzer.js:50`
提示	Dependencies have version constraints 供应链 Dependencies are declared with caret ranges (^11.2.0 for marked, ^1.58.2 for playwright). playwright is an optional dependency. No direct known vulnerabilities detected. `"marked": "^11.2.0"` → Consider pinning exact versions for reproducible builds	`package.json`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	src/analyzer.js:fs.promises.readdir - directory scanning; src/utils.js:readTextF…
文件系统	`NONE`	`WRITE`	✓ 一致	src/template.js:fs.promises.writeFile - writes generated HTML to output path
网络访问	`NONE`	`READ`	✗ 越权	src/github.js:https.get - fetches GitHub API for repo metadata
命令执行	`NONE`	`WRITE`	✗ 越权	src/git.js:execSync - runs git clone command
浏览器	`NONE`	`WRITE`	✗ 越权	src/image.js - uses playwright to take screenshots

7 项发现

🔗

中危外部 URL 外部 URL

https://clawhub.ai/kunyashaw/project-intro-generator

README.md:5

🔗

中危外部 URL 外部 URL

https://www.youtube.com/watch?v=6ZRcgbdZSXw

README.md:10

🔗

中危外部 URL 外部 URL

https://img.youtube.com/vi/6ZRcgbdZSXw/maxresdefault.jpg

README.md:11

🔗

中危外部 URL 外部 URL

https://mirrors.huaweicloud.com/repository/npm/fsevents/-/fsevents-2.3.2.tgz

package-lock.json:9

🔗

中危外部 URL 外部 URL

https://mirrors.huaweicloud.com/repository/npm/marked/-/marked-11.2.0.tgz

package-lock.json:15

🔗

中危外部 URL 外部 URL

https://mirrors.huaweicloud.com/repository/npm/playwright/-/playwright-1.58.2.tgz

package-lock.json:20

🔗

中危外部 URL 外部 URL

https://mirrors.huaweicloud.com/repository/npm/playwright-core/-/playwright-core-1.58.2.tgz

package-lock.json:30

目录结构

16 文件 · 100.6 KB · 2819 行

JavaScript 10f · 1991L Markdown 3f · 734L JSON 3f · 94L

├─ ▾ 📁 bin

│ └─ 📜 cli.js JavaScript 95L · 3.1 KB

├─ ▾ 📁 public

│ └─ 📜 html2canvas.min.js JavaScript 7L · 237 B

├─ ▾ 📁 src

│ ├─ 📜 analyzer.js JavaScript 700L · 22.7 KB

│ ├─ 📜 git.js JavaScript 33L · 809 B

│ ├─ 📜 github.js JavaScript 112L · 3.8 KB

│ ├─ 📜 image.js JavaScript 28L · 943 B

│ ├─ 📜 index.js JavaScript 59L · 2.0 KB

│ ├─ 📜 template.js JavaScript 801L · 35.9 KB

│ ├─ 📜 themes.js JavaScript 69L · 1.8 KB

│ └─ 📜 utils.js JavaScript 87L · 2.0 KB

├─ 📋 package-lock.json JSON 35L · 1.3 KB

├─ 📋 package.json JSON 36L · 697 B

├─ 📝 README.md Markdown 93L · 3.2 KB

├─ 📝 rules.md Markdown 558L · 18.8 KB

├─ 📋 skill.json JSON 23L · 605 B

└─ 📝 SKILL.md Markdown 83L · 2.7 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`marked`	`^11.2.0`	npm	否	Markdown parser, version range not pinned
`playwright`	`^1.58.2`	npm	否	Optional dependency for screenshot export, version range not pinned

安全亮点

✓ No credential harvesting - skill does not read ~/.ssh, ~/.aws, .env, or other sensitive credential paths

✓ No data exfiltration - no POST requests to external IPs, no credential theft

✓ No obfuscation - all code is readable JavaScript with no base64-encoded payloads

✓ No hidden instructions - no HTML comments with encoded commands

✓ No reverse shell - no network listeners or outbound shells

✓ Git clone input is safely used as repository URL parameter only (not injectable as arbitrary command)

✓ File reads are scoped to user-provided project directories only

✓ Appropriate directory exclusions (node_modules, .git, dist, etc.)

✓ Files over 512KB are skipped during analysis