Low Risk — Risk Score 5/100
Last scan: 1 day ago
data-scraper
Intelligent data scraping tool - extracts structured data from web pages/APIs, with batch processing support
Standard web scraping utility that performs declared HTTP-based data extraction without malicious indicators.
Skill Name: data-scraper
Duration: 26.7s
Engine: pi
Safe to install
Approve for use. The skill performs legitimate web scraping with standard dependencies and no hidden functionality.

Findings 1 items

Severity: Low
Finding: Dependencies not strictly pinned (Supply Chain)
requirements.txt uses >= constraints instead of exact versions, allowing potential supply chain attacks through minor version changes.
requests>=2.28.0
→ Pin exact versions (e.g., requests==2.31.0) to ensure reproducible builds and prevent dependency hijacking.
Location: requirements.txt:1
Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | save_output() writes to output path
Network | READ | READ | ✓ Aligned | requests.get() for scraping
Shell | NONE | NONE | | No subprocess or shell commands
Environment | NONE | NONE | | No os.environ access
5 findings
Medium External URL
https://api.example.com/data
README.md:37
Medium External URL
https://competitor.com/products
README.md:83
Medium External URL
https://directory.com/listings
README.md:102
Medium External URL
https://amazon.com/s?k=wireless+headphones
SKILL.md:107
Medium External URL
https://linkedin.com/jobs/search?keywords=python+developer
SKILL.md:134

File Tree

5 files · 16.1 KB · 646 lines
Markdown 2f · 349L Python 1f · 243L JSON 1f · 38L Text 1f · 16L
├─ 📁 scripts
│ └─ 🐍 data-scraper.py Python 243L · 7.9 KB
├─ 📋 _meta.json JSON 38L · 883 B
├─ 📝 README.md Markdown 174L · 3.1 KB
├─ 📄 requirements.txt Text 16L · 253 B
└─ 📝 SKILL.md Markdown 175L · 4.0 KB

Dependencies 4 items

Package | Version | Source | Known Vulns | Notes
requests | >=2.28.0 | pip | No | Version not pinned
beautifulsoup4 | >=4.11.0 | pip | No | Version not pinned
openpyxl | >=3.0.0 | pip | No | Version not pinned
pandas | >=1.5.0 | pip | No | Version not pinned

Security Positives

✓ No credential harvesting or sensitive file access
✓ No shell execution or command injection vectors
✓ No obfuscation (base64, eval, etc.)
✓ Code matches documented functionality exactly
✓ Proper rate limiting with configurable delays
✓ No C2 communication or data exfiltration
✓ Standard legitimate dependencies (requests, beautifulsoup4)