中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 45/100
Last scan:1 day ago Rescan
45 /100
ai-content-pipeline
End-to-end AI Content Pipeline that crawls articles, rewrites them using Google Gemini, and automatically publishes to Facebook Fanpage
Skill exposes production credentials in .env file and has an unpinned external dependency, though core functionality appears legitimate without malicious behavior.
Skill Nameai-content-pipeline
Duration69.5s
Enginepi
Use with caution
1) Remove real credentials from .env and use only placeholder values; 2) Pin openclaw to a specific version (e.g., openclaw==2026.3.0); 3) Remove credential prefixes from README.md table; 4) Ensure .env is never committed to version control

Findings 4 items

Severity Finding Location
High
Production API credentials in .env file Credential Theft
The .env file contains real OpenAI API key, Apify token, Facebook App Secret, and Page Access Token. If this file is committed to version control or shared, all credentials are exposed to attackers.
OPENAI_API_KEY=sk-proj-Z-KB75ZFpWtDHLKqE9Sq1LKfk8cahCw4RFWHGDgjKNPIJzhx...
→ Remove all real credentials. Use only placeholder values (e.g., OPENAI_API_KEY=your_key_here). Add .env to .gitignore (already present) and never commit.
 .env:7
Medium
Credential prefixes exposed in documentation Doc Mismatch
README.md lines 102-103 display partial API key prefixes in a credentials table, which could aid attackers in identifying the key type.
| OpenAI | `sk-proj-Z-KB75Z...` |
→ Remove credential examples from README.md. Use generic placeholders like 'your_openai_key' instead of showing real prefixes.
 README.md:102
Medium
External dependency with unpinned version Supply Chain
requirements.txt specifies 'openclaw>=2026.3.0' without an upper bound. This allows the package maintainer to push malicious updates that would be automatically installed.
openclaw>=2026.3.0
→ Pin to a specific version: openclaw==2026.3.0
 requirements.txt:12
Low
Chrome User-Agent flagged as hardcoded IP (false positive) Sensitive Access
The pre-scan flagged '131.0.0.0' as a hardcoded IP in crawler_agent.py:27. This is actually part of the Chrome browser version string in the User-Agent header, not an IP address.
"Chrome/131.0.0.0 Safari/537.36"
→ No action needed - this is a false positive from the scanner.
 agents/crawler_agent.py:27
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned All file operations are for config loading and output writing (legitimate)
Network READ READ ✓ Aligned requests.get/post to legitimate APIs: Gemini, OpenAI, Apify, Facebook Graph API
Shell NONE NONE No subprocess, os.system, or shell execution found
Environment READ READ ✓ Aligned os.getenv() used only for documented API keys (config.py)
1 High 12 findings
📡
High IP Address 硬编码 IP 地址
131.0.0.0
agents/crawler_agent.py:27
🔗
Medium External URL 外部 URL
https://dantri.com.vn/...
README.md:53
🔗
Medium External URL 外部 URL
https://www.facebook.com/...
README.md:56
🔗
Medium External URL 外部 URL
https://vnexpress.net/...
SKILL.md:54
🔗
Medium External URL 外部 URL
https://dantri.com.vn/suc-manh-so/cong-nghe-ai-tao-sinh-dang-thay-doi-nganh-truyen-thong-nhu-the-nao-20240101000000000.h...
agents/crawler_agent.py:204
🔗
Medium External URL 外部 URL
https://www.facebook.com/
agents/fb_publisher_agent.py:107
🔗
Medium External URL 外部 URL
https://developers.facebook.com/tools/explorer[/link
agents/fb_token_helper.py:81
🔗
Medium External URL 外部 URL
https://dantri.com.vn/example
agents/writer_agent.py:156
🔗
Medium External URL 外部 URL
https://graph.facebook.com/
config.py:33
🔗
Medium External URL 外部 URL
https://dantri.com.vn/some-article.htm
main.py:310
🔗
Medium External URL 外部 URL
https://graph.facebook.com
skills/facebook/references/graph-api-overview.md:4
🔗
Medium External URL 外部 URL
https://graph.facebook.com/vXX.X
skills/facebook/references/graph-api-overview.md:5

File Tree

24 files · 80.5 KB · 2010 lines
Python 12f · 1522L Markdown 8f · 381L Text 2f · 68L Other 1f · 27L Ignore 1f · 12L
├─ 📁 agents
│ ├─ 🐍 __init__.py Python 1L · 25 B
│ ├─ 🐍 crawler_agent.py Python 206L · 8.4 KB
│ ├─ 🐍 fb_publisher_agent.py Python 180L · 8.3 KB
│ ├─ 🔑 fb_token_helper.py Python 150L · 5.1 KB
│ ├─ 🐍 image_agent.py Python 96L · 3.5 KB
│ └─ 🐍 writer_agent.py Python 169L · 7.1 KB
├─ 📁 skills
│ └─ 📁 facebook
│ └─ 📁 references
│ ├─ 📝 comments-moderation.md Markdown 24L · 648 B
│ ├─ 📝 graph-api-overview.md Markdown 26L · 836 B
│ ├─ 📝 http-request-templates.md Markdown 52L · 814 B
│ ├─ 📝 page-posting.md Markdown 37L · 955 B
│ ├─ 🔑 permissions-and-tokens.md Markdown 21L · 740 B
│ └─ 📝 webhooks.md Markdown 19L · 538 B
├─ 🔑 .env 27L · 1.1 KB
├─ 📄 .gitignore Ignore 12L · 95 B
├─ 🐍 config.py Python 74L · 3.1 KB
├─ 🐍 main.py Python 393L · 15.9 KB
├─ 🐍 models.py Python 62L · 2.1 KB
├─ 📄 output_log.txt Text 57L · 9.0 KB
├─ 📝 README.md Markdown 128L · 3.7 KB
├─ 📄 requirements.txt Text 11L · 200 B
├─ 🐍 sitecustomize.py Python 11L · 465 B
├─ 📝 SKILL.md Markdown 74L · 2.4 KB
├─ 🐍 test_fb_connection.py Python 100L · 3.3 KB
└─ 🐍 utils.py Python 80L · 2.2 KB

Dependencies 7 items

PackageVersionSourceKnown VulnsNotes
openai >=1.30.0 pip No Version not pinned but package is reputable
requests >=2.31.0 pip No Version not pinned but package is reputable
apify-client >=1.7.0 pip No Version not pinned but package is reputable
openclaw >=2026.3.0 pip No Version not pinned - supply chain risk
google-genai >=1.0.0 pip No Official Google package - reputable
beautifulsoup4 >=4.12.0 pip No Well-known package
openclaw >=2026.3.0 pip No CRITICAL: Version not pinned - allows malicious updates

Security Positives

✓ No shell execution (subprocess, os.system, eval, or base64 decoding)
✓ No credential harvesting - credentials used only for legitimate API calls
✓ No data exfiltration - all network calls go to documented services (Facebook, Gemini, OpenAI, Apify)
✓ No obfuscation - code is well-structured and readable
✓ SKILL.md accurately describes all capabilities and permissions
✓ Proper use of .gitignore to exclude .env
✓ All dependencies except openclaw are properly version-pinned
✓ No hidden functionality or undocumented behavior detected