Low Risk — Risk Score 20/100
Last scan: 18 hr ago
defuddle
Uses the Defuddle library to extract the main content from any web page and convert it to Markdown. Supports CLI and Node.js integration, for content crawlers, text processing and automation tasks.
A web content extraction skill using Defuddle with messaging integrations; benign behavior but with undeclared shell execution (npx, openclaw CLI) and a hardcoded absolute user path in one script.
Skill Name: defuddle
Duration: 46.6s
Engine: pi
Safe to install
Document the npx/openclaw CLI dependencies in SKILL.md and replace the hardcoded user path in extract_and_send.sh with a relative or environment-based path.

Findings 3 items

Severity: Low
Finding: Undeclared shell execution via npx and openclaw CLI (Doc Mismatch)
SKILL.md documents Node.js integration and npm install but does not mention that the scripts use the npx defuddle parse or openclaw message send CLI commands, which are functional dependencies for the skill to work.
Evidence: CONTENT=$(npx defuddle parse "$URL" --markdown)
→ Add 'npx defuddle' and 'openclaw CLI' to the technical prerequisites in SKILL.md.
Location: scripts/extract_and_send.sh:14

Severity: Low
Finding: Hardcoded absolute user path in WeChat script (Sensitive Access)
extract_and_send.sh references /Users/honcy/.openclaw/skills/WeChat-Send/scripts/wechat_send.sh — a hardcoded path to a specific user's openclaw installation directory. This path is non-portable and may not exist on other systems.
Evidence: bash "/Users/honcy/.openclaw/skills/WeChat-Send/scripts/wechat_send.sh"
→ Replace with an environment variable or relative path lookup (e.g., $OPENCLAW_ROOT or which openclaw) for portability.
Location: scripts/extract_and_send.sh:16

Severity: Low
Finding: No dependency manifest with pinned versions (Supply Chain)
The skill has no package.json, requirements.txt, or equivalent. The defuddle library is installed via npx without version pinning, so a different version may be resolved at each run.
Evidence: npm install -g defuddle
→ Include a package.json or lock file with pinned versions.
Location: SKILL.md:83
Resource      Declared  Inferred  Status       Evidence
Filesystem    NONE      READ      ✓ Aligned    npx reads from node_modules (implied)
Network       NONE      READ      ✓ Aligned    defuddle fetches URLs for content extraction
Shell         NONE      WRITE     ✗ Violation  scripts execute subprocesses; npx; openclaw CLI calls
Environment   NONE      NONE      -            No env var access detected
Skill Invoke  NONE      READ      ✓ Aligned    extract_and_send.sh invokes wechat_send.sh from another skill
Clipboard     NONE      NONE      -            Not accessed
Browser       NONE      NONE      -            Not accessed
Database      NONE      NONE      -            Not accessed
1 finding

Severity  Type                   Value              Location
Info      Email (email address)  [email protected]  SKILL.md:5

File Tree

5 files · 4.2 KB · 163 lines
Markdown: 1 file, 92 lines · Shell: 3 files, 64 lines · JSON: 1 file, 7 lines
├─ 📁 scripts
│ ├─ 🔧 extract_and_send_telegram.sh Shell 21L · 463 B
│ ├─ 🔧 extract_and_send.sh Shell 21L · 516 B
│ └─ 🔧 extract_content.sh Shell 22L · 381 B
├─ 📋 _meta.json JSON 7L · 139 B
└─ 📝 SKILL.md Markdown 92L · 2.7 KB

Dependencies 3 items

Package   Version  Source      Known Vulns  Notes
defuddle  *        npx/npm     No           No version pinned, no package manifest
openclaw  unknown  system CLI  No           Undeclared dependency in extract_and_send_telegram.sh
npx       bundled  npm         No           Implicit runtime dependency

Security Positives

✓ No credential harvesting or environment variable enumeration
✓ No base64, obfuscation, or anti-analysis patterns
✓ No C2 communication or data exfiltration beyond the explicitly declared messaging integrations
✓ Scripts are short and readable; no hidden functionality
✓ No supply-chain typosquatting or malicious dependencies detected
✓ Messaging integrations (Telegram/WeChat) are declared in SKILL.md scripts section