ai-content-pipeline 安全扫描报告 — 可疑 | ClawSafe

45 /100

ai-content-pipeline

End-to-end AI Content Pipeline that crawls articles, rewrites them using Google Gemini, and automatically publishes to Facebook Fanpage

Skill exposes production credentials in .env file and has an unpinned external dependency, though core functionality appears legitimate without malicious behavior.

技能名称ai-content-pipeline

分析耗时69.5s

引擎pi

⚠

谨慎使用

1) Remove real credentials from .env and use only placeholder values; 2) Pin openclaw to a specific version (e.g., openclaw==2026.3.0); 3) Remove credential prefixes from README.md table; 4) Ensure .env is never committed to version control

安全发现 4 项

严重性	安全发现	位置
高危	Production API credentials in .env file 凭证窃取 The .env file contains real OpenAI API key, Apify token, Facebook App Secret, and Page Access Token. If this file is committed to version control or shared, all credentials are exposed to attackers. `OPENAI_API_KEY=sk-proj-Z-KB75ZFpWtDHLKqE9Sq1LKfk8cahCw4RFWHGDgjKNPIJzhx...` → Remove all real credentials. Use only placeholder values (e.g., OPENAI_API_KEY=your_key_here). Add .env to .gitignore (already present) and never commit.	`.env:7`
中危	Credential prefixes exposed in documentation 文档欺骗 README.md lines 102-103 display partial API key prefixes in a credentials table, which could aid attackers in identifying the key type. \| OpenAI \| `sk-proj-Z-KB75Z...` \| → Remove credential examples from README.md. Use generic placeholders like 'your_openai_key' instead of showing real prefixes.	`README.md:102`
中危	External dependency with unpinned version 供应链 requirements.txt specifies 'openclaw>=2026.3.0' without an upper bound. This allows the package maintainer to push malicious updates that would be automatically installed. `openclaw>=2026.3.0` → Pin to a specific version: openclaw==2026.3.0	`requirements.txt:12`
低危	Chrome User-Agent flagged as hardcoded IP (false positive) 敏感访问 The pre-scan flagged '131.0.0.0' as a hardcoded IP in crawler_agent.py:27. This is actually part of the Chrome browser version string in the User-Agent header, not an IP address. `"Chrome/131.0.0.0 Safari/537.36"` → No action needed - this is a false positive from the scanner.	`agents/crawler_agent.py:27`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	All file operations are for config loading and output writing (legitimate)
网络访问	`READ`	`READ`	✓ 一致	requests.get/post to legitimate APIs: Gemini, OpenAI, Apify, Facebook Graph API
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution found
环境变量	`READ`	`READ`	✓ 一致	os.getenv() used only for documented API keys (config.py)

1 高危 12 项发现

📡

高危 IP 地址硬编码 IP 地址

131.0.0.0

agents/crawler_agent.py:27

🔗

中危外部 URL 外部 URL

https://dantri.com.vn/...

README.md:53

🔗

中危外部 URL 外部 URL

https://www.facebook.com/...

README.md:56

🔗

中危外部 URL 外部 URL

https://vnexpress.net/...

SKILL.md:54

🔗

中危外部 URL 外部 URL

https://dantri.com.vn/suc-manh-so/cong-nghe-ai-tao-sinh-dang-thay-doi-nganh-truyen-thong-nhu-the-nao-20240101000000000.h...

agents/crawler_agent.py:204

🔗

中危外部 URL 外部 URL

https://www.facebook.com/

agents/fb_publisher_agent.py:107

🔗

中危外部 URL 外部 URL

https://developers.facebook.com/tools/explorer[/link

agents/fb_token_helper.py:81

🔗

中危外部 URL 外部 URL

https://dantri.com.vn/example

agents/writer_agent.py:156

🔗

中危外部 URL 外部 URL

https://graph.facebook.com/

config.py:33

🔗

中危外部 URL 外部 URL

https://dantri.com.vn/some-article.htm

main.py:310

🔗

中危外部 URL 外部 URL

https://graph.facebook.com

skills/facebook/references/graph-api-overview.md:4

🔗

中危外部 URL 外部 URL

https://graph.facebook.com/vXX.X

skills/facebook/references/graph-api-overview.md:5

目录结构

24 文件 · 80.5 KB · 2010 行

Python 12f · 1522L Markdown 8f · 381L Text 2f · 68L Other 1f · 27L Ignore 1f · 12L

├─ ▾ 📁 agents

│ ├─ 🐍 __init__.py Python 1L · 25 B

│ ├─ 🐍 crawler_agent.py Python 206L · 8.4 KB

│ ├─ 🐍 fb_publisher_agent.py Python 180L · 8.3 KB

│ ├─ 🔑 fb_token_helper.py ⚠ Python 150L · 5.1 KB

│ ├─ 🐍 image_agent.py Python 96L · 3.5 KB

│ └─ 🐍 writer_agent.py Python 169L · 7.1 KB

├─ ▾ 📁 skills

│ └─ ▾ 📁 facebook

│ └─ ▾ 📁 references

│ ├─ 📝 comments-moderation.md Markdown 24L · 648 B

│ ├─ 📝 graph-api-overview.md Markdown 26L · 836 B

│ ├─ 📝 http-request-templates.md Markdown 52L · 814 B

│ ├─ 📝 page-posting.md Markdown 37L · 955 B

│ ├─ 🔑 permissions-and-tokens.md ⚠ Markdown 21L · 740 B

│ └─ 📝 webhooks.md Markdown 19L · 538 B

├─ 🔑 .env ⚠ 27L · 1.1 KB

├─ 📄 .gitignore Ignore 12L · 95 B

├─ 🐍 config.py Python 74L · 3.1 KB

├─ 🐍 main.py Python 393L · 15.9 KB

├─ 🐍 models.py Python 62L · 2.1 KB

├─ 📄 output_log.txt Text 57L · 9.0 KB

├─ 📝 README.md Markdown 128L · 3.7 KB

├─ 📄 requirements.txt Text 11L · 200 B

├─ 🐍 sitecustomize.py Python 11L · 465 B

├─ 📝 SKILL.md Markdown 74L · 2.4 KB

├─ 🐍 test_fb_connection.py Python 100L · 3.3 KB

└─ 🐍 utils.py Python 80L · 2.2 KB

依赖分析 7 项

包名	版本	来源	已知漏洞	备注
`openai`	`>=1.30.0`	pip	否	Version not pinned but package is reputable
`requests`	`>=2.31.0`	pip	否	Version not pinned but package is reputable
`apify-client`	`>=1.7.0`	pip	否	Version not pinned but package is reputable
`openclaw`	`>=2026.3.0`	pip	否	Version not pinned - supply chain risk
`google-genai`	`>=1.0.0`	pip	否	Official Google package - reputable
`beautifulsoup4`	`>=4.12.0`	pip	否	Well-known package
`openclaw`	`>=2026.3.0`	pip	否	CRITICAL: Version not pinned - allows malicious updates

安全亮点

✓ No shell execution (subprocess, os.system, eval, or base64 decoding)

✓ No credential harvesting - credentials used only for legitimate API calls

✓ No data exfiltration - all network calls go to documented services (Facebook, Gemini, OpenAI, Apify)

✓ No obfuscation - code is well-structured and readable

✓ SKILL.md accurately describes all capabilities and permissions

✓ Proper use of .gitignore to exclude .env

✓ All dependencies except openclaw are properly version-pinned

✓ No hidden functionality or undocumented behavior detected