扫描报告
5 /100
inkbox
Send and receive emails and phone calls via Inkbox agent identities with encrypted vault support
Legitimate communication SDK skill for email, phone, and vault operations via the Inkbox API with no malicious behavior detected.
可以安装
Approve for use. The skill is a standard API client library with clear documentation and no hidden functionality.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | SKILL.md:61-66 - reads config files for env vars |
| 网络访问 | NONE | WRITE | ✓ 一致 | SKILL.md:62 - SDK makes API calls to inkbox.ai |
| 命令执行 | NONE | NONE | — | No shell scripts in skill; npm install documented but not auto-executed |
6 项发现
中危 外部 URL 外部 URL
https://openclaw.ai README.md:3 中危 外部 URL 外部 URL
https://inkbox.ai README.md:3 中危 外部 URL 外部 URL
https://console.inkbox.ai README.md:29 中危 外部 URL 外部 URL
https://aws.amazon.com SKILL.md:244 提示 邮箱 邮箱地址
[email protected] SKILL.md:107 提示 邮箱 邮箱地址
[email protected] SKILL.md:389 目录结构
3 文件 · 20.0 KB · 592 行 Markdown 2f · 581L
JSON 1f · 11L
├─
package.json
JSON
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@inkbox/sdk | ^0.1.1 | npm | 否 | SDK is the implementation; version range is reasonable |
安全亮点
✓ SDK package @inkbox/sdk ^0.1.1 is pinned to a specific version range
✓ No scripts directory or executable code present - purely documentation
✓ No sensitive file access detected (no ~/.ssh, ~/.aws, or .env access)
✓ No obfuscation, base64-encoded payloads, or anti-analysis techniques
✓ No credential harvesting beyond the declared INKBOX_API_KEY requirement
✓ No data exfiltration or C2 communication patterns
✓ No supply chain risks - standard npm package with stable versioning
✓ Clear, comprehensive documentation matching the skill's stated purpose