weiqi-fetcher Security Report — Trusted | ClawSafe

5 /100

weiqi-fetcher

围棋分享棋谱下载器 - 从分享链接自动下载SGF棋谱

This is a legitimate Go (围棋) game record downloader that fetches SGF files from various Chinese Go platforms. All functionality is documented and necessary for the stated purpose.

Skill Nameweiqi-fetcher

Duration44.7s

Enginepi

✓

Safe to install

This skill is safe to use. No malicious behavior detected.

Findings 1 items

Severity	Finding	Location
Low	Unpinned Python dependencies Supply Chain Dependencies (requests, playwright, websocket-client) do not specify version constraints `pip3 install requests playwright websocket-client` → Consider pinning versions for reproducible builds: requests>=2.28.0,<3.0.0	`SKILL.md:258`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	Makes HTTP/WebSocket requests to documented platform APIs
Filesystem	`WRITE`	`WRITE`	✓ Aligned	Writes SGF files to /tmp/weiqi_fetch/ directory only
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Browser	`READ`	`READ`	✓ Aligned	Playwright for headless browser automation on 6 platforms

26 findings

🔗

Medium External URL 外部 URL

https://online-go.com/game/

SKILL.md:35

🔗

Medium External URL 外部 URL

https://h5.foxwq.com/yehunewshare/?chessid=

SKILL.md:38

🔗

Medium External URL 外部 URL

https://www.101weiqi.com/play/p/

SKILL.md:41

🔗

Medium External URL 外部 URL

https://home.yikeweiqi.com/mobile.html#/golive/room/

SKILL.md:44

🔗

Medium External URL 外部 URL

https://jupiter.yuanluobo.com/robot-public/all-in-app/go/review?session_id=

SKILL.md:47

🔗

Medium External URL 外部 URL

https://m.19x19.com/app/dark/zh/sgf/

SKILL.md:50

🔗

Medium External URL 外部 URL

http://app.izis.cn/web/#/live_detail?gameId=

SKILL.md:53

🔗

Medium External URL 外部 URL

https://shaoer.yikeweiqi.com/statichtml/game_analysis_mobile.html?p=

SKILL.md:56

🔗

Medium External URL 外部 URL

http://mobile.eweiqi.com/index_ZHCN.html?LNK=1&GNO=

SKILL.md:59

🔗

Medium External URL 外部 URL

https://h5.txwq.qq.com/txwqshare/index.html?chessid=

SKILL.md:62

🔗

Medium External URL 外部 URL

https://weiqi.xinboduiyi.com/golive/index.html#/?gamekey=

SKILL.md:65

🔗

Medium External URL 外部 URL

https://v.dzqzd.com/Kifu/chessmanualdetail?kifuId=

SKILL.md:68

🔗

Medium External URL 外部 URL

https://online-go.com/api/v1/games/

SKILL.md:137

🔗

Medium External URL 外部 URL

https://h5.foxwq.com/yehuDiamond/chessbook_local/YHWQFetchChess?chessid=

SKILL.md:145

🔗

Medium External URL 外部 URL

https://h5.foxwq.com/yehuDiamond/chessbook_local/FetchChessSummaryByChessID?chessid=

SKILL.md:146

🔗

Medium External URL 外部 URL

https://jupiter.yuanluobo.com/r2/chess/wq/sdr/v3/record/detail

SKILL.md:192

🔗

Medium External URL 外部 URL

https://newsite.com/game/

SKILL.md:215

🔗

Medium External URL 外部 URL

https://v.dzqzd.com/Kifu/Details?kifuid=

SKILL.md:305

🔗

Medium External URL 外部 URL

https://www.101weiqi.com

scripts/sources/fetch_101.py:188

🔗

Medium External URL 外部 URL

https://v.dzqzd.com

scripts/sources/fetch_dzqzd.py:106

🔗

Medium External URL 外部 URL

http://client.eweiqi.com/gibo/gibo_load_data.php

scripts/sources/fetch_eweiqi.py:23

🔗

Medium External URL 外部 URL

http://app.izis.cn/GoWebService/getdataserver

scripts/sources/fetch_izis.py:24

🔗

Medium External URL 外部 URL

https://www.xinboduiyi.com/play-room?id=

scripts/sources/fetch_xinboduiyi.py:29

🔗

Medium External URL 外部 URL

https://mo.yikeweiqi.com/yikemo/anon/ayalyse/init

scripts/sources/fetch_yike_shaoer.py:29

🔗

Medium External URL 外部 URL

https://jupiter.yuanluobo.com/robot-public/all-in-app/go/review?session_id=...

scripts/sources/fetch_yuanluobo.py:19

🔗

Medium External URL 外部 URL

https://jupiter.yuanluobo.com

scripts/sources/fetch_yuanluobo.py:105

File Tree

16 files · 105.2 KB · 3227 lines

Python 15f · 2877L Markdown 1f · 350L

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 sources

│ │ ├─ 🐍 __init__.py Python 33L · 683 B

│ │ ├─ 🐍 base.py Python 140L · 4.3 KB

│ │ ├─ 🐍 fetch_101.py Python 325L · 11.4 KB

│ │ ├─ 🐍 fetch_1919.py Python 214L · 6.9 KB

│ │ ├─ 🐍 fetch_dzqzd.py Python 229L · 7.6 KB

│ │ ├─ 🐍 fetch_eweiqi.py Python 172L · 5.5 KB

│ │ ├─ 🐍 fetch_fox.py Python 120L · 3.6 KB

│ │ ├─ 🐍 fetch_izis.py Python 268L · 8.9 KB

│ │ ├─ 🐍 fetch_ogs.py Python 172L · 5.6 KB

│ │ ├─ 🐍 fetch_txwq.py Python 154L · 4.9 KB

│ │ ├─ 🐍 fetch_xinboduiyi.py Python 350L · 12.3 KB

│ │ ├─ 🐍 fetch_yike_shaoer.py Python 203L · 6.4 KB

│ │ ├─ 🐍 fetch_yike.py Python 193L · 7.1 KB

│ │ └─ 🐍 fetch_yuanluobo.py Python 159L · 5.2 KB

│ └─ 🐍 main.py Python 145L · 4.5 KB

└─ 📝 SKILL.md Markdown 350L · 10.4 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned
`playwright`	`*`	pip	No	Version not pinned
`websocket-client`	`*`	pip	No	Version not pinned

Security Positives

✓ All network requests target documented, legitimate Go platform APIs

✓ No credential harvesting or environment variable reading for sensitive data

✓ No shell execution, subprocess, or system command invocation

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No data exfiltration or C2 communication

✓ No obfuscated code (base64 used only for legitimate URL parameter decoding)

✓ Files written only to /tmp/ directory (temporary storage)

✓ Documentation accurately describes all implemented functionality

✓ Clean codebase with proper error handling

Scan Report

Findings 1 items

File Tree

Dependencies 3 items

Security Positives