ifly-text-proofread Security Report — Trusted | ClawSafe

5 /100

ifly-text-proofread

iFlytek Official Document Proofreading - detect and correct errors in Chinese text including typos, punctuation, word order, factual mistakes, sensitive content, and more

Legitimate iFlytek document proofreading skill using standard HTTP API calls with HMAC-SHA256 authentication. No malicious behavior detected; all capabilities are properly declared.

Skill Nameifly-text-proofread

Duration26.6s

Enginepi

✓

Safe to install

This skill is safe to use. Ensure environment variables (IFLY_APP_ID, IFLY_API_KEY, IFLY_API_SECRET) are properly secured and not logged.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	text_proofread.py:232 -- reads files with --file flag
Network	`READ`	`READ`	✓ Aligned	text_proofread.py:173 -- HTTP POST to iFlytek API
Environment	`READ`	`READ`	✓ Aligned	text_proofread.py:212-214 -- reads IFLY_* credentials
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Clipboard	`READ`	`READ`	✓ Aligned	SKILL.md:38 -- supports pipe from stdin

5 findings

🔗

Medium External URL 外部 URL

https://console.xfyun.cn

SKILL.md:18

🔗

Medium External URL 外部 URL

https://cn-huadong-1.xf-yun.com/v1/private/s37b42a45

SKILL.md:85

🔗

Medium External URL 外部 URL

https://console.xfyun.cn/services/s37b42a45

SKILL.md:139

🔗

Medium External URL 外部 URL

https://www.xfyun.cn/services/textCorrectionOfficial?target=price

SKILL.md:185

🔗

Medium External URL 外部 URL

https://www.xfyun.cn/services/textCorrectionOfficial

SKILL.md:199

File Tree

2 files · 17.6 KB · 503 lines

Python 1f · 298L Markdown 1f · 205L

├─ ▾ 📁 scripts

│ └─ 🐍 text_proofread.py Python 298L · 9.3 KB

└─ 📝 SKILL.md Markdown 205L · 8.3 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`stdlib-only`	`N/A`	Python standard library	No	No pip dependencies - uses only urllib, hmac, hashlib, json, base64, datetime

Security Positives

✓ Uses only Python standard library (urllib, hmac, hashlib, json) - no external pip dependencies

✓ All external communications go to declared iFlytek API endpoints only

✓ Credentials read only from environment variables for authentication, not exfiltrated

✓ Code is clean, readable, and follows clear structure

✓ No obfuscation, no base64 execution, no shell commands

✓ File access is limited to reading (--file flag) for proofreading input

✓ Text truncation at 220,000 chars prevents DoS via oversized input

✓ Proper error handling with informative error messages

Scan Report

File Tree

Dependencies 1 items

Security Positives