This report was originally generated in Chinese.
Low Risk — Risk Score 25/100
Last scan: 5 hr ago
skroller
Automated social media content collection and analysis across platforms
A legitimate social-media content-collection tool with a clear code structure and no evidence of malicious behaviour. A minor supply-chain risk exists: its one dependency is declared without a pinned version.
Skill Name: skroller
Duration: 36.0s
Engine: pi
ClawHub skroller v0.0.1 by 10oss
📥 176
ClawHub Verdict: Suspicious (flags: dangerous_exec, dynamic_code_execution, env_credential_access, llm_suspicious, potential_exfiltration, vt_suspicious)
Safe to install
Safe to use. Note: the playwright dependency is not pinned to an exact version; pin it before deploying to production. Make sure use of the tool complies with each platform's terms of service.
The ClawHub flags above (in particular env_credential_access and potential_exfiltration) are not reconciled with this scan, which found no credential harvesting and no traffic to external IPs or C2 endpoints. The dynamic execution this scan did find is the execSync and osascript use in scripts/export-to-notes.js described under Findings; the export script also has to handle API tokens for Notion and Microsoft Graph, so confirm where those tokens are read from before installing.

Findings (3 items)

Low · Supply Chain · package.json:18
Dependency version not pinned exactly
playwright is declared with the semver range ^1.40.0, which lets a fresh install resolve to any later 1.x release. The code that runs can then differ from the code that was reviewed, and a breaking or compromised upstream release is picked up automatically. The package also ships no lockfile (the file tree lists package.json but no package-lock.json), so nothing records which version was actually tested.
"playwright": "^1.40.0"
→ Pin an exact version, or at least restrict updates to patch releases: "playwright": "1.40.0" or "~1.40.0". Commit a package-lock.json and install with `npm ci` so that resolution is reproducible.
Low · Doc Mismatch · scripts/export-to-notes.js:323
Shell execution capability not declared in documentation
export-to-notes.js runs shell commands through execSync (to drive the grizzly CLI for the Bear export), but SKILL.md does not declare a shell permission requirement.
execSync(command, { stdio: 'inherit' });
→ Declare a shell:WRITE permission requirement in SKILL.md for invoking the grizzly CLI. Because `command` is handed to a shell, also check how it is assembled: if any part of it comes from collected content or from configuration, prefer execFileSync with an argument array so the shell never re-parses it.
Info · Sensitive Access · scripts/export-to-notes.js:357
AppleScript execution involves system interaction
The Apple Notes export runs AppleScript through osascript, which can trigger macOS automation permission prompts (access to Notes) on first use.
execSync(`osascript -e '${script}'`, { stdio: 'inherit' });
→ This is the standard way to create notes in the macOS Notes app and is a legitimate use. Note, however, that the script text is interpolated into a single-quoted shell argument: a single quote anywhere in `script` (for example inside an exported post body) terminates that argument and the remainder is parsed by the shell as further commands. execFileSync('osascript', ['-e', script]) passes the script as a single argument and avoids the shell entirely.
Resource Access

Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | scripts/skroller.js:234 fs.writeFileSync(output, content)
Network | READ | READ | ✓ Aligned | scripts/skroller.js:166 await page.goto(url)
Shell | NONE | WRITE | ✗ Mismatch (declared NONE, inferred WRITE; see the Doc Mismatch finding) | scripts/export-to-notes.js:323 execSync(command, { stdio: 'inherit' })

The Network row is inferred from page.goto in skroller.js only. scripts/export-to-notes.js also calls the Notion and Microsoft Graph page-creation endpoints listed under External URLs (api.notion.com/v1/pages at :253 and graph.microsoft.com/v1.0/me/onenote/pages at :388), which send collected content to external services; check that SKILL.md declares that outbound write as well.
External URLs (51 findings, all Medium)

Scanner hits on URL literals, grouped by file. Entries ending in `$` appear to be template-literal placeholders cut off by the scanner; the truncated entry at SKILL.md:215 is kept as reported.

SKILL.md
- https://twitter.com/... (SKILL.md:215)

assets/selector-reference.md
- https://www.reddit.com/search.json?q=test (assets/selector-reference.md:84)
- https://news.ycombinator.com/search?query=test (assets/selector-reference.md:315)

references/platform-details.md
- https://twitter.com/ (references/platform-details.md:20)
- https://twitter.com/search?q= (references/platform-details.md:21)
- https://twitter.com/search?q=%23 (references/platform-details.md:22)
- https://www.reddit.com/search/?q= (references/platform-details.md:51)
- https://www.reddit.com/r/ (references/platform-details.md:52)
- https://www.reddit.com/user/ (references/platform-details.md:53)
- https://oauth.reddit.com (references/platform-details.md:65)
- https://www.reddit.com/ (references/platform-details.md:66)
- https://oauth.reddit.com/search.json?q=$ (references/platform-details.md:73)
- https://www.instagram.com/ (references/platform-details.md:84)
- https://www.instagram.com/explore/tags/ (references/platform-details.md:85)
- https://www.instagram.com/reels/ (references/platform-details.md:86)
- https://www.tiktok.com/search?q= (references/platform-details.md:115)
- https://www.tiktok.com/@ (references/platform-details.md:116)
- https://www.tiktok.com/tag/ (references/platform-details.md:117)
- https://www.linkedin.com/search/results/content/?keywords= (references/platform-details.md:146)
- https://www.linkedin.com/in/ (references/platform-details.md:147)
- https://www.linkedin.com/company/ (references/platform-details.md:148)
- https://www.youtube.com/results?search_query= (references/platform-details.md:177)
- https://www.youtube.com/@ (references/platform-details.md:178)
- https://www.youtube.com/watch?v= (references/platform-details.md:179)
- https://news.ycombinator.com/search?query= (references/platform-details.md:231)
- https://news.ycombinator.com/ (references/platform-details.md:232)
- https://news.ycombinator.com/newest (references/platform-details.md:233)
- https://www.producthunt.com/search?q= (references/platform-details.md:256)
- https://www.producthunt.com/topics/ (references/platform-details.md:257)
- https://www.producthunt.com/leaderboard (references/platform-details.md:258)
- https://medium.com/search?q= (references/platform-details.md:279)
- https://medium.com/ (references/platform-details.md:280)
- https://medium.com/@ (references/platform-details.md:281)
- https://www.pinterest.com/search/pins/?q= (references/platform-details.md:333)
- https://www.pinterest.com/ (references/platform-details.md:334)

scripts/export-to-notes.js
- https://api.notion.com/v1/pages (scripts/export-to-notes.js:253)
- http://xml.evernote.com/pub/evernote-export4.dtd (scripts/export-to-notes.js:321)
- https://graph.microsoft.com/v1.0/me/onenote/sections/$ (scripts/export-to-notes.js:387)
- https://graph.microsoft.com/v1.0/me/onenote/pages (scripts/export-to-notes.js:388)
- https://keep.google.com (scripts/export-to-notes.js:441)

scripts/skroller.js
- https://twitter.com/$ (scripts/skroller.js:24)
- https://twitter.com/search?q=$ (scripts/skroller.js:25)
- https://www.reddit.com/search/?q=$ (scripts/skroller.js:38)
- https://www.instagram.com/$ (scripts/skroller.js:51)
- https://www.instagram.com/explore/tags/$ (scripts/skroller.js:52)
- https://www.tiktok.com/search?q=$ (scripts/skroller.js:63)
- https://www.linkedin.com/search/results/content/?keywords=$ (scripts/skroller.js:74)
- https://www.youtube.com/results?search_query=$ (scripts/skroller.js:86)
- https://www.producthunt.com/search?q=$ (scripts/skroller.js:97)
- https://medium.com/search?q=$ (scripts/skroller.js:108)
- https://www.pinterest.com/search/pins/?q=$ (scripts/skroller.js:132)

The only plain-http entry, the Evernote DTD at scripts/export-to-notes.js:321, is the kind of identifier that normally appears in an ENEX export file's DOCTYPE rather than being fetched; confirm at the cited line that it is written into the export and not requested over the network.

File Tree

9 files · 70.1 KB · 2491 lines
Markdown: 4 files, 1293 lines · JavaScript: 3 files, 1135 lines · JSON: 2 files, 63 lines
├─ 📁 assets
│ └─ 📝 selector-reference.md Markdown 414L · 6.5 KB
├─ 📁 references
│ ├─ 📝 platform-details.md Markdown 350L · 8.0 KB
│ └─ 📝 rate-limits.md Markdown 222L · 5.5 KB
├─ 📁 scripts
│ ├─ 📜 export-to-notes.js JavaScript 655L · 21.4 KB
│ ├─ 📜 feed-digest.js JavaScript 171L · 5.2 KB
│ └─ 📜 skroller.js JavaScript 309L · 12.1 KB
├─ 📋 .skroller-config.example.json JSON 37L · 833 B
├─ 📋 package.json JSON 26L · 572 B
└─ 📝 SKILL.md Markdown 307L · 10.0 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
playwright | ^1.40.0 | npm | No | Semver range; pin to an exact version

Security Positives

✓ Clear code structure, complete comments, includes a compliance notice
✓ No base64-encoded or obfuscated code
✓ No credential harvesting, environment-variable enumeration or sensitive-path access
✓ No external IP addresses or C2 communication
✓ All network requests target legitimate social-media platforms, plus the Notion, Microsoft Graph and Google Keep endpoints referenced by the export script (listed under External URLs)
✓ Supports a dry-run mode for previewing operations
✓ Supports export to multiple note-taking apps; the behaviour is transparent