kids-ai-magazine Security Report — Trusted | ClawSafe

5 /100

kids-ai-magazine

Generate a kids-friendly AI news magazine with text and audio narration

A benign content generation tool for creating children's AI news magazines with TTS audio. No malicious patterns detected; all functionality is declared and appropriate for the stated purpose.

Skill Namekids-ai-magazine

Duration27.9s

Enginepi

✓

Safe to install

No action required. The skill is safe for use.

Findings 1 items

Severity	Finding	Location
Low	Minor SKILL.md vs Script Mismatch Doc Mismatch SKILL.md shows 'cloudflared tunnel --url http://localhost:8899' as a usage example but the scripts do not implement or call cloudflared. This is benign as it only provides manual instructions. `cloudflared tunnel --url http://localhost:8899` → No action needed; this is documentation of expected behavior, not hidden functionality.	`SKILL.md:64`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares file writes for magazine output; build_magazine.py line 87 wri…
Network	`READ`	`READ`	✓ Aligned	SKILL.md lists external news sources; template.html contains legitimate URLs to …
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares http.server and cloudflared; generate_audio.py line 21 uses su…
Environment	`NONE`	`NONE`	—	No os.environ access found in any script
Skill Invoke	`NONE`	`NONE`	—	No skill_invoke capability used
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

3 findings

🔗

Medium External URL 外部 URL

https://www.thepaper.cn/newsDetail_forward_32689787

assets/template.html:184

🔗

Medium External URL 外部 URL

https://www.woshipm.com/share/6355994.html

assets/template.html:236

🔗

Medium External URL 外部 URL

https://36kr.com/p/3602173033792516

assets/template.html:288

File Tree

5 files · 29.5 KB · 671 lines

HTML 1f · 365L Python 2f · 153L Markdown 1f · 93L JSON 1f · 60L

├─ ▾ 📁 assets

│ └─ 📄 template.html HTML 365L · 14.7 KB

├─ ▾ 📁 references

│ └─ 📋 example-stories.json JSON 60L · 5.7 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 build_magazine.py Python 98L · 3.5 KB

│ └─ 🐍 generate_audio.py Python 55L · 1.9 KB

└─ 📝 SKILL.md Markdown 93L · 3.6 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`edge-tts`	`*`	pip	No	Microsoft Azure TTS service; no version pinning specified but package is well-maintained

Security Positives

✓ No credential theft or environment variable harvesting

✓ No data exfiltration or C2 communication

✓ No obfuscation (base64, eval, encoded commands)

✓ No reverse shell or RCE capabilities

✓ No hidden instructions in HTML comments

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No supply chain risks - uses only standard library and edge-tts

✓ All subprocess usage is declared and appropriate for the tool's purpose

✓ Template HTML contains no malicious content

✓ External URLs point to legitimate Chinese news sources

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives