Trusted — Risk Score 5/100
Last scan: 10 hr ago
telegram-contract-ops
Telegram-based internal contract generation and eID intake workflow for Vietnamese operations
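Telegram bot for generating contracts for Vietnamese business operations; fully functional, consistent with its documentation, and showing no signs of malicious behavior.
Skill Name: telegram-contract-ops
Duration: 31.0s
Engine: pi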
Safe to install
This skill is safe to use; when deploying, take care to protect the Telegram Bot Token in .env.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Aligned | scripts/plan-b-docx-generate.py:96-102 writes docx |
| Network | NONE | READ | ✓ Aligned | scripts/telegram-planb-bot.js:8-9 only calls api.telegram.org |
| Shell | NONE | WRITE | ✓ Aligned | scripts/telegram-planb-bot.js:74,226 execFileSync invokes external scripts |
| Environment | NONE | READ | ✓ Aligned | scripts/telegram-planb-bot.js:6 reads TELEGRAM_BOT_TOKEN |

4 findings
Medium External URL
http://schemas.openxmlformats.org/wordprocessingml/2006/main
scripts/plan-b-docx-generate.py:11
Medium External URL
https://api.telegram.org/bot$
scripts/telegram-planb-bot.js:8
Medium External URL
https://api.telegram.org/file/bot$
scripts/telegram-planb-bot.js:60
Info Email address
[email protected]
scripts/plan-b-docx-generate.py:46

File Tree

14 files · 51.3 KB · 1528 lines
JavaScript 3f · 782L Markdown 8f · 446L Python 1f · 208L Swift 1f · 74L Text 1f · 18L
├─ 📁 assets
│ └─ 📄 plan-b-telegram-template.txt Text 18L · 175 B
├─ 📁 references
│ ├─ 📝 architecture.md Markdown 33L · 922 B
│ ├─ 📝 clawhub.md Markdown 39L · 693 B
│ ├─ 📝 deployment.md Markdown 207L · 4.2 KB
│ ├─ 📝 input-template.md Markdown 24L · 300 B
│ ├─ 📝 macos.md Markdown 25L · 507 B
│ ├─ 📝 troubleshooting.md Markdown 30L · 1.0 KB
│ └─ 📝 windows.md Markdown 30L · 761 B
├─ 📁 scripts
│ ├─ 🐍 plan-b-docx-generate.py Python 208L · 10.2 KB
│ ├─ 📜 plan-b-telegram-to-docx.js JavaScript 172L · 6.0 KB
│ ├─ 📜 plan-c-eid-parse.js JavaScript 230L · 8.1 KB
│ ├─ 📄 plan-c-ocr.swift Swift 74L · 1.7 KB
│ └─ 📜 telegram-planb-bot.js JavaScript 380L · 14.5 KB
└─ 📝 SKILL.md Markdown 58L · 2.2 KB

Dependencies 3 items

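| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| python-docx | * | pip | No | Document generation dependency |
| node (external) | N/A | system | No | Invoked via execFileSync |
| swift (external) | N/A | system | No | Vision Framework OCR |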

Security Positives

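✓ Documented declarations match code behavior exactly
✓ Network requests are limited to the Telegram API; no suspicious external connections
✓ No Base64/eval/obfuscated code
✓ Does not access sensitive paths such as ~/.ssh or .env (environment variable reads are limited to TELEGRAM_BOT_TOKEN)
✓ No credential harvesting, remote execution, or data exfiltration behavior
✓ OCR only processes images locally and outputs structured fields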