Scan Report
0/100
doubaoimg
Generate images with Doubao web chat, extract the final generated image URL from the page, save the image locally, and return the saved local path.
A well-scoped browser-automation skill that generates images via Doubao web chat, extracts image URLs, and saves them locally. All capabilities are declared, with no hidden functionality, no credential access, and no exfiltration paths.
Safe to install
Approve for use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Browser | WRITE | WRITE | ✓ Aligned | SKILL.md: Open Doubao, click/type in textarea, evaluate JS, click download butto… |
| Network | READ | READ | ✓ Aligned | SKILL.md: Fetches https://www.doubao.com and image URLs |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md: Saves PNG images to local disk |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Uses PowerShell + Python subprocess for download and path generation |
1 finding
Medium External URL
https://www.doubao.com/chat/ SKILL.md:33
File Tree
1 file · 6.1 KB · 203 lines
Markdown 1f · 203L
└─ SKILL.md (Markdown)
Security Positives
✓ All capabilities are explicitly declared in SKILL.md — no hidden functionality
✓ No credential, token, or key harvesting — only image URLs and local paths
✓ No external dependencies (no package.json, requirements.txt, or binary files)
✓ No obfuscation, base64, eval(), or anti-analysis patterns
✓ Shell commands (PowerShell + Python) are directly relevant to the declared feature (file path generation and image download)
✓ No network exfiltration or C2 communication patterns
✓ No supply-chain risks — single Markdown file, no third-party packages
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)