chatbot-engine Security Report — Trusted | ClawSafe

0 /100

chatbot-engine

智能对话引擎 - 多轮对话与意图识别

This is a legitimate chatbot engine with no security issues - all declared capabilities match the implementation with no hidden functionality detected.

Skill Namechatbot-engine

Duration39.8s

Enginepi

✓

Safe to install

This skill is safe to use. No action required.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	scripts/chatbot.py:103-115 save/load session methods
Network	`READ`	`READ`	✓ Aligned	scripts/llm_adapter.py:58-62 API key env access + line 95-102 OpenAI API calls
Shell	`NONE`	`NONE`	—	No subprocess/os.system calls found
Environment	`NONE`	`READ`	✓ Aligned	scripts/llm_adapter.py:23 reads API keys for legitimate LLM functionality
Skill Invoke	`NONE`	`NONE`	—	No skill invocation patterns found
Clipboard	`NONE`	`NONE`	—	No clipboard access found
Browser	`NONE`	`NONE`	—	No browser automation found
Database	`NONE`	`NONE`	—	No database operations found

File Tree

10 files · 30.4 KB · 1054 lines

Python 7f · 982L Markdown 2f · 67L Text 1f · 5L

├─ ▾ 📁 examples

│ └─ 🐍 basic_usage.py Python 147L · 3.5 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 chatbot.py Python 124L · 3.7 KB

│ ├─ 🐍 dialogue_manager.py Python 71L · 2.4 KB

│ ├─ 🐍 intent_classifier.py Python 166L · 4.8 KB

│ ├─ 🐍 knowledge_base.py Python 221L · 6.4 KB

│ └─ 🐍 llm_adapter.py Python 156L · 5.1 KB

├─ ▾ 📁 tests

│ └─ 🐍 test_chatbot.py Python 97L · 2.8 KB

├─ 📝 README.md Markdown 9L · 96 B

├─ 📄 requirements.txt Text 5L · 78 B

└─ 📝 SKILL.md Markdown 58L · 1.7 KB

Dependencies 5 items

Package	Version	Source	Known Vulns	Notes
`openai`	`>=1.0.0`	pip	No	Version lower bound set, minor version unpinned
`scikit-learn`	`>=1.3.0`	pip	No	Version lower bound set, minor version unpinned
`numpy`	`>=1.24.0`	pip	No	Standard ML dependency
`pandas`	`>=2.0.0`	pip	No	Standard data processing dependency
`regex`	`>=2023.0.0`	pip	No	Standard regex library

Security Positives

✓ No shell execution (subprocess, os.system, etc.) - clean codebase

✓ No network exfiltration - only legitimate API calls to declared providers (OpenAI, Anthropic)

✓ No credential harvesting beyond necessary API key access for LLM functionality

✓ No obfuscation techniques (base64, eval, etc.) detected

✓ All file operations are declared and documented (session save/load, config persistence)

✓ Dependencies are properly version-pinned in requirements.txt

✓ Plugin system is declared and properly scoped

✓ No sensitive path access (no ~/.ssh, ~/.aws, .env scanning)

✓ No persistence mechanisms (no cron, startup hooks, backdoors)

✓ Clean code with no hidden functionality

Scan Report

File Tree

Dependencies 5 items

Security Positives