Trusted, risk score 5/100
Last scanned: 18 hours ago
mermaid-to-feishu
Canvas/Browser rendering of Mermaid diagrams to PNG images for Feishu messaging
This is a documentation-only skill for rendering Mermaid diagrams to Feishu images. No malicious code or scripts are present; only SKILL.md exists describing the intended behavior.
Skill name: mermaid-to-feishu
Analysis time: 25.0s
Engine: pi
OK to install
This skill is safe to use. The documentation is clear and describes legitimate browser-based Mermaid rendering with Feishu API integration.

Security findings: 1

Severity: Info
Finding: Documentation references non-existent scripts (documentation deception)
SKILL.md mentions scripts/send-mermaid.py but no scripts directory exists. This is a documentation-only delivery.
scripts/send-mermaid.py
→ No action needed - this is acceptable for a documentation-style skill that relies on external tools.
Location: SKILL.md:1

| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | NONE | NONE | | No file operations in documentation |
| Network access | READ | READ | ✓ Consistent | Mermaid CDN and Feishu API only |
| Command execution | NONE | NONE | | No subprocess usage |
| Browser | READ | READ | ✓ Consistent | Browser navigate + snapshot documented |
3 findings

| Severity | Type | URL | Location |
| --- | --- | --- | --- |
| Medium | External URL | https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal | SKILL.md:238 |
| Medium | External URL | https://open.feishu.cn/open-apis/im/v1/images | SKILL.md:263 |
| Medium | External URL | https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id | SKILL.md:276 |

Directory structure

2 files · 11.2 KB · 474 lines
Markdown: 1 file · 459 lines; JSON: 1 file · 15 lines
├─ 📋 skill.json JSON 15L · 411 B
└─ 📝 SKILL.md Markdown 459L · 10.8 KB

Security highlights

✓ No actual malicious code present - only documentation
✓ Network requests limited to legitimate CDNs (jsdelivr.net) and official Feishu API
✓ No credential harvesting or exfiltration behavior
✓ Clear documentation of intended browser-based rendering workflow
✓ No base64-encoded commands or obfuscation
✓ No remote script execution patterns (curl|bash, wget|sh)