Low risk: risk score 20/100
Last scan: 18 hours ago
defuddle
Extracts the main content of any web page with the Defuddle library and converts it to Markdown. Supports CLI and Node.js integration, for content crawling, text processing and automation tasks.
A web content extraction skill using Defuddle with messaging integrations; benign behavior but with undeclared shell execution (npx, openclaw CLI) and a hardcoded absolute user path in one script.
Skill name: defuddle
Analysis time: 46.6s
Engine: pi
Verdict: can be installed
Recommendation: Document the npx/openclaw CLI dependencies in SKILL.md and replace the hardcoded user path in extract_and_send.sh with a relative or environment-based path.

Security findings: 3

Severity: Low
Finding: Undeclared shell execution via npx and openclaw CLI (category: documentation deception)
SKILL.md documents Node.js integration and npm install but does not mention that the scripts rely on the npx defuddle parse and openclaw message send CLI commands, which are functional dependencies the skill needs in order to work.
Evidence: CONTENT=$(npx defuddle parse "$URL" --markdown)
→ Add 'npx defuddle' and 'openclaw CLI' to the technical prerequisites in SKILL.md.
Location: scripts/extract_and_send.sh:14

Severity: Low
Finding: Hardcoded absolute user path in WeChat script (category: sensitive access)
extract_and_send.sh references /Users/honcy/.openclaw/skills/WeChat-Send/scripts/wechat_send.sh, a hardcoded path into one specific user's openclaw installation directory. The path is non-portable and may not exist on other systems.
Evidence: bash "/Users/honcy/.openclaw/skills/WeChat-Send/scripts/wechat_send.sh"
→ Replace it with an environment-variable or relative-path lookup (e.g., $OPENCLAW_ROOT or which openclaw) for portability.
Location: scripts/extract_and_send.sh:16

Severity: Low
Finding: No dependency manifest with pinned versions (category: supply chain)
The skill has no package.json, requirements.txt or equivalent. The defuddle library is installed via npx without version pinning, so a different version may be resolved at each run.
Evidence: npm install -g defuddle
→ Include a package.json or lock file with pinned versions.
Location: SKILL.md:83
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | READ | ✓ consistent | npx reads from node_modules (implied)
Network access | NONE | READ | ✓ consistent | defuddle fetches URLs for content extraction
Command execution | NONE | WRITE | ✗ exceeds declaration | scripts execute subprocesses; npx; openclaw CLI calls
Environment variables | NONE | NONE | | No env var access detected
Skill invocation | NONE | READ | ✓ consistent | extract_and_send.sh invokes wechat_send.sh from another skill
Clipboard | NONE | NONE | | Not accessed
Browser | NONE | NONE | | Not accessed
Database | NONE | NONE | | Not accessed
1 finding
Info | Email | Email address
[email protected]
Location: SKILL.md:5

Directory structure

5 files · 4.2 KB · 163 lines
Markdown: 1 file · 92 lines; Shell: 3 files · 64 lines; JSON: 1 file · 7 lines
├─ 📁 scripts
│ ├─ 🔧 extract_and_send_telegram.sh Shell 21L · 463 B
│ ├─ 🔧 extract_and_send.sh Shell 21L · 516 B
│ └─ 🔧 extract_content.sh Shell 22L · 381 B
├─ 📋 _meta.json JSON 7L · 139 B
└─ 📝 SKILL.md Markdown 92L · 2.7 KB

Dependency analysis: 3 items

Package | Version | Source | Known vulnerabilities | Notes
defuddle | * | npx/npm | | No version pinned, no package manifest
openclaw | unknown | system CLI | | Undeclared dependency in extract_and_send_telegram.sh
npx | bundled | npm | | Implicit runtime dependency

Security highlights

✓ No credential harvesting or environment variable enumeration
✓ No base64, obfuscation, or anti-analysis patterns
✓ No C2 communication or data exfiltration beyond the explicitly declared messaging integrations
✓ Scripts are short and readable; no hidden functionality
✓ No supply-chain typosquatting or malicious dependencies detected
✓ Messaging integrations (Telegram/WeChat) are declared in SKILL.md scripts section