keevx-video-translate 安全扫描报告 — 可信 | ClawSafe

0 /100

keevx-video-translate

Translate videos into a specified target language using the Keevx API

A legitimate video translation skill that interfaces with the Keevx API. All behavior is declared, documented, and necessary for the stated purpose. No malicious patterns detected.

技能名称keevx-video-translate

分析耗时18.9s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:59-66 - API calls to api.keevx.com are declared and necessary
环境变量	`READ`	`READ`	✓ 一致	SKILL.md:15 - Only reads KEEVX_API_KEY for API auth
文件系统	`READ`	`READ`	✓ 一致	SKILL.md:39 - Only reads local video files for upload
命令执行	`NONE`	`NONE`	—	SKILL.md:163-240 - Bash script uses curl for API calls only; no arbitrary comman…

1 高危 12 项发现

🔑

高危 API 密钥疑似硬编码凭证

API_KEY="your_api_key_here"

SKILL.md:15

🔗

中危外部 URL 外部 URL

https://www.keevx.com/main/home.

SKILL.md:12

🔗

中危外部 URL 外部 URL

https://api.keevx.com/v1

SKILL.md:25

🔗

中危外部 URL 外部 URL

https://api.keevx.com/v1/figure-resource/upload/file

SKILL.md:42

🔗

中危外部 URL 外部 URL

https://api.keevx.com/v1/video_translate/target_languages

SKILL.md:69

🔗

中危外部 URL 外部 URL

https://api.keevx.com/v1/video_translate

SKILL.md:82

🔗

中危外部 URL 外部 URL

https://your-server.com/callback

SKILL.md:93

🔗

中危外部 URL 外部 URL

https://api.keevx.com/v1/video_translate/

SKILL.md:119

🔗

中危外部 URL 外部 URL

https://www.keevx.com/main/meta/creations

SKILL.md:302

🔗

中危外部 URL 外部 URL

https://docs.keevx.com/api-reference/endpoint/ListSupportedLanguages

SKILL.md:315

🔗

中危外部 URL 外部 URL

https://docs.keevx.com/api-reference/endpoint/SubmitVideoTranslate

SKILL.md:316

🔗

中危外部 URL 外部 URL

https://docs.keevx.com/api-reference/endpoint/GetTranslationStatus

SKILL.md:317

目录结构

1 文件 · 11.1 KB · 317 行

Markdown 1f · 317L

└─ 📝 SKILL.md Markdown 317L · 11.1 KB

安全亮点

✓ All API calls target declared, legitimate endpoint (api.keevx.com)

✓ Only accesses KEEVX_API_KEY environment variable for authentication

✓ Shell usage is limited to curl commands for API communication

✓ No credential harvesting, data exfiltration, or obfuscation patterns

✓ Documentation accurately describes all functionality

✓ No external script downloads, no base64 encoding, no reverse shells

✓ No supply chain risks (no external dependencies or unpinned packages)