Scan Report
5 /100
tiktok-app-marketing
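TikTok + Instagram slideshow marketing automation tool, including competitor research, AI image generation, text overlay, multi-platform publishing, analytics tracking and RevenueCat conversion tracking
TikTok slideshow marketing automation tool. The declared functionality fully matches the actual code, there is no malicious behavior, and Base64 decoding is used only to process image data returned by APIs, which is normal operation.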
Safe to install
Safe to use. All permission declarations are reasonable, and the code implementation matches the documentation.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/generate-slides.js:56 - fs.readFileSync reads config and prompts |
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/generate-slides.js:83,107 - fs.writeFileSync writes generated images |
| Network | READ | READ | ✓ Aligned | scripts/generate-slides.js:67-83 - fetch calls the OpenAI/Stability AI/Replicate APIs |
| Network | WRITE | WRITE | ✓ Aligned | scripts/post-to-platforms.js:82-105 - POST to the Upload-Post API |
| Browser | READ | READ | ✓ Aligned | SKILL.md declares it for competitor research; scripts/competitor-research.js only manages JSON and makes no browser calls |
2 Critical 18 findings
| Severity | Category | Finding | Location |
|---|---|---|---|
| Critical | Encoded Execution (Base64 encoded execution, code obfuscation) | `Buffer.from(data.data[0].b64_json, 'base64'` | scripts/generate-slides.js:83 |
| Critical | Encoded Execution (Base64 encoded execution, code obfuscation) | `Buffer.from(data.artifacts[0].base64, 'base64'` | scripts/generate-slides.js:107 |
| Medium | External URL | https://openclaw.ai | README.md:5 |
| Medium | External URL | https://upload-post.com | README.md:12 |
| Medium | External URL | https://clawhub.com | README.md:181 |
| Medium | External URL | https://upload-post.github.io/upload-post-larry-marketing-skill/ | index.html:11 |
| Medium | External URL | http://www.w3.org/2000/svg | index.html:13 |
| Medium | External URL | https://api.upload-post.com/api/analytics/ | references/analytics-loop.md:9 |
| Medium | External URL | https://api.upload-post.com/api/uploadposts/history?page=1&limit=50&profile_username= | references/analytics-loop.md:38 |
| Medium | External URL | https://www.tiktok.com/@user/video/7605531854921354518 | references/analytics-loop.md:53 |
| Medium | External URL | https://api.upload-post.com/api/uploadposts/status?request_id= | references/analytics-loop.md:64 |
| Medium | External URL | https://tiktok.com/... | references/competitor-research.md:66 |
| Medium | External URL | https://api.revenuecat.com/v1/subscribers/ | references/revenuecat-integration.md:27 |
| Medium | External URL | https://api.revenuecat.com/v2/projects/ | references/revenuecat-integration.md:35 |
| Medium | External URL | https://api.upload-post.com/api | scripts/check-analytics.js:38 |
| Medium | External URL | https://api.revenuecat.com/v2 | scripts/daily-report.js:71 |
| Medium | External URL | https://api.stability.ai/v1/generation/$ | scripts/generate-slides.js:89 |
| Medium | External URL | https://api.replicate.com/v1/predictions | scripts/generate-slides.js:115 |

File Tree
16 files · 149.9 KB · 3808 lines
JavaScript 7f · 1646L
Markdown 7f · 1571L
HTML 1f · 586L
JSON 1f · 5L
├─ references
│  ├─ analytics-loop.md (Markdown)
│  ├─ app-categories.md (Markdown)
│  ├─ competitor-research.md (Markdown)
│  ├─ revenuecat-integration.md (Markdown)
│  └─ slide-structure.md (Markdown)
├─ scripts
│  ├─ add-text-overlay.js (JavaScript)
│  ├─ check-analytics.js (JavaScript)
│  ├─ competitor-research.js (JavaScript)
│  ├─ daily-report.js (JavaScript)
│  ├─ generate-slides.js (JavaScript)
│  ├─ onboarding.js (JavaScript)
│  └─ post-to-platforms.js (JavaScript)
├─ _meta.json (JSON)
├─ index.html (HTML)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| canvas | * | npm | No | node-canvas is used for text overlay; SKILL.md explicitly states that the user must install it |
Security Positives
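✓ Documentation is complete and detailed; the 1550-line SKILL.md covers all functionality
✓ Code structure is clear, and every script is fully commented
✓ Declared permissions fully match the actual code
✓ Uses standard Node.js APIs and official API endpoints
✓ Has thorough error handling and retry mechanisms
✓ Supports multi-provider routing (openai/stability/replicate/local)
✓ No credential harvesting, no remote code execution, no data exfiltration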