Low Risk — Risk Score 15/100
Last scan: 2 days ago
vipshop-product-detail
Vipshop product detail query skill (VIP.com)
This is a legitimate VIP.com product detail query skill with declared network access and token storage. One unused hardcoded placeholder IP address (120.0.0.0) found but not used for any network connections.
Skill Name: vipshop-product-detail
Duration: 25.6s
Engine: pi
Safe to install
Remove the unused hardcoded IP placeholder (120.0.0.0) at line 56 for code cleanliness. Otherwise, the skill is safe to use.

Findings: 1 item

Severity: Low
Finding: Unused hardcoded placeholder IP address
Location: scripts/detail.py:56
Line 56 contains the hardcoded IP '120.0.0.0', which is a reserved IP and appears to be an unused placeholder. No network requests are made to this address.
Snippet: # placeholder IP reference
→ Remove the unused hardcoded IP to clean up the code. This does not pose a security risk as it's not used for any network communication.

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | SKILL.md:56 ~/.vipshop-user-login/tokens.json
Network | READ | READ | ✓ Aligned | SKILL.md:64 mapi-pc.vip.com API endpoints

1 High, 10 findings

Severity | Type | Value | Location
High | Hardcoded IP address | 120.0.0.0 | scripts/detail.py:56
Medium | External URL | https://img.vip.vip.com/xxxxx.jpg | README.md:86
Medium | External URL | https://detail.vip.com/detail-123456-6921714935983149512.html | README.md:126
Medium | External URL | https://mapi-pc.vip.com/vips-mobile/rest/shopping/skill/detail/main/v6 | README.md:341
Medium | External URL | https://detail.vip.com/xxx?f=AIClaw | SKILL.md:47
Medium | External URL | https://www.vip.com/ | scripts/detail.py:59
Medium | External URL | https://www.vip.com | scripts/detail.py:60
Medium | External URL | https://mapi-pc.vip.com/vips-mobile/rest/shopping/skill/detail/more/v2 | scripts/detail.py:177
Medium | External URL | https://detail.vip.com/detail-$ | scripts/detail.py:416
Medium | External URL | https://detail.vip.com/detail- | scripts/detail.py:419

File Tree

3 files · 42.6 KB · 1127 lines
Markdown 2f · 607L Python 1f · 520L
├─ 📁 scripts
│ └─ 🐍 detail.py Python 520L · 21.5 KB
├─ 📝 README.md Markdown 399L · 12.7 KB
└─ 📝 SKILL.md Markdown 208L · 8.4 KB

Security Positives

✓ No shell execution (subprocess, os.system) detected
✓ No credential exfiltration or data theft patterns
✓ No base64 encoded payloads or obfuscated code
✓ No reverse shell or C2 communication patterns
✓ Network requests target only legitimate vip.com domains
✓ Token storage location declared in SKILL.md
✓ Uses only Python standard library (urllib, json, pathlib)
✓ No sensitive path access beyond declared token file
✓ No hidden functionality beyond documentation