recognize_intent Security Report — Trusted | ClawSafe

5 /100

recognize_intent

识别自然语言意图类别并解析语义指标与维度（零售BI问数系统）

This is a legitimate BI intent-recognition skill for a retail data query system. All functionality (Gemini LLM calls, Milvus vector search, MySQL metric config loading) is fully documented, necessary, and standard for its stated purpose.

Skill Namerecognize_intent

Duration34.8s

Enginepi

✓

Safe to install

No action required. The skill is safe to use.

Findings 1 items

Severity	Finding	Location
Low	Hardcoded IP address as default Gemini API backend Doc Mismatch recognize_intent.py:969 hardcodes 'http://47.77.199.56/api/v1beta' as the default GEMINI_API_URL. While the IP is unusual (no DNS hostname), it is used only as a fallback when GEMINI_API_URL is not set in the environment. SKILL.md mentions 'Gemini REST' but does not explicitly document the IP. `base_url = os.getenv("GEMINI_API_URL", "http://47.77.199.56/api/v1beta").rstrip("/")` → Replace hardcoded IP with a named host (e.g., GEMINI_API_HOST) to improve maintainability and reduce suspicion.	`recognize_intent.py:969`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md declares READ from .workflow/, code reads rewrite_output.json
Network	`READ`	`READ`	✓ Aligned	SKILL.md declares external service injection (Milvus, MySQL, Gemini); all outbou…
Shell	`NONE`	`NONE`	—	No shell execution found in any file
Database	`NONE`	`READ`	✓ Aligned	MySQL reads for metric config are injected via Protocol interfaces; not hardcode…

1 High 3 findings

📡

High IP Address 硬编码 IP 地址

47.77.199.56

recognize_intent.py:969

🔗

Medium External URL 外部 URL

http://47.77.199.56/api/v1beta

recognize_intent.py:969

🔗

Medium External URL 外部 URL

https://dashscope.aliyuncs.com/compatible-mode/v1

recognize_intent.py:1016

File Tree

3 files · 93.0 KB · 2119 lines

Python 1f · 1930L JavaScript 1f · 135L Markdown 1f · 54L

├─ 📜 index.js JavaScript 135L · 5.3 KB

├─ 🐍 recognize_intent.py Python 1930L · 85.1 KB

└─ 📝 SKILL.md Markdown 54L · 2.7 KB

Dependencies 5 items

Package	Version	Source	Known Vulns	Notes
`httpx`	`*`	pip	No	HTTP client for Gemini REST calls; not malicious
`pymilvus`	`*`	pip	No	Vector database client; only for metric search
`pymysql`	`*`	pip	No	MySQL client for metric config; read-only queries
`openai`	`*`	pip	No	DashScope embedding client; standard embedding API
`python-dotenv`	`*`	pip	No	Optional .env loader; only for dev convenience

Security Positives

✓ No shell execution, subprocess, or eval patterns found

✓ No credential harvesting or environment variable iteration for sensitive keys

✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths

✓ No base64-encoded payloads or obfuscation techniques

✓ No hidden functionality — all external service calls are declared in SKILL.md

✓ External service injection uses proper Protocol interfaces (not hardcoded connections)

✓ JWT token (BI-*) is a hardcoded default fallback, not dynamically stolen

✓ Dependency packages (httpx, pymilvus, pymysql, openai) are standard and appropriate

✓ No cron jobs, startup hooks, or persistence mechanisms

✓ No prompt injection or jailbreak instructions

✓ Graceful degradation when optional services fail

Scan Report

Findings 1 items

File Tree

Dependencies 5 items

Security Positives