扫描报告
0 /100
doubaoimg
Generate images with Doubao web chat, extract the final generated image URL from the page, save the image locally, and return the saved local path.
A well-scoped browser-automation skill that generates images via Doubao web chat, extracts image URLs, and saves them locally. All capabilities are declared, no hidden functionality, no credential access, and no exfiltration paths.
可以安装
Approve for use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 浏览器 | WRITE | WRITE | ✓ 一致 | SKILL.md: Open Doubao, click/type in textarea, evaluate JS, click download butto… |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: Fetches https://www.doubao.com and image URLs |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md: Saves PNG images to local disk |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: Uses PowerShell + Python subprocess for download and path generation |
1 项发现
中危 外部 URL 外部 URL
https://www.doubao.com/chat/ SKILL.md:33 目录结构
1 文件 · 6.1 KB · 203 行 Markdown 1f · 203L
└─
SKILL.md
Markdown
安全亮点
✓ All capabilities are explicitly declared in SKILL.md — no hidden functionality
✓ No credential, token, or key harvesting — only image URLs and local paths
✓ No external dependencies (no package.json, requirements.txt, or binary files)
✓ No obfuscation, base64, eval(), or anti-analysis patterns
✓ Shell commands (PowerShell + Python) are directly relevant to the declared feature (file path generation and image download)
✓ No network exfiltration or C2 communication patterns
✓ No supply-chain risks — single Markdown file, no third-party packages
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)