Trusted: risk score 5/100
Last scanned: 20 hours ago
citation-chasing-mapping
Use when identifying seminal papers in a research field, mapping research lineage and intellectual heritage
This is a legitimate citation network mapping tool that uses the Semantic Scholar API for academic research. No malicious behavior detected.
Skill name: citation-chasing-mapping
Analysis time: 24.5s
Engine: pi
Safe to install
This skill is safe to use for citation analysis tasks.

Security findings: 1

Severity | Security finding | Location
Low
Bash tool declared but not used (documentation deception)
SKILL.md declares 'Bash' in allowed-tools but no subprocess or shell execution is present in the code.
allowed-tools: "Read Write Bash Edit"
→ Remove 'Bash' from allowed-tools or document if intended for future CLI integration
SKILL.md:7
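Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ Consistent | scripts/main.py:40 - urllib.request.urlopen()
File system | WRITE | WRITE | ✓ Consistent | scripts/main.py:165 - open(output_file, 'w')
Command execution | WRITE | NONE | ✗ Over-privileged | No subprocess usage found in code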
2 findings
Medium: External URL
https://api.semanticscholar.org/graph/v1
scripts/main.py:40
Medium: External URL
https://arrows.app/
scripts/main.py:564

Directory structure

3 files · 26.9 KB · 780 lines
Python 1f · 569L Markdown 1f · 201L JSON 1f · 10L
├─ 📁 scripts
│ └─ 🐍 main.py Python 569L · 21.4 KB
├─ 📝 SKILL.md Markdown 201L · 5.3 KB
└─ 📋 tile.json JSON 10L · 235 B

Security highlights

✓ Uses only standard library (urllib.request) - no external dependencies
✓ All network calls go to legitimate Semantic Scholar API (https://api.semanticscholar.org)
✓ Implements proper rate limiting to avoid API abuse
✓ No credential harvesting or environment variable access
✓ No obfuscation, base64 encoding, or suspicious patterns
✓ No sensitive file system access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration or C2 communication
✓ No subprocess, reverse shell, or remote code execution
✓ Outputs only local JSON files for network visualization