Scan Report
5 /100
TrendProof
Query TrendProof (trendproof.dev) for keyword trend velocity scores
TrendProof is a legitimate keyword trend analysis tool that makes authenticated API calls to trendproof.dev using only Python standard library, with no malicious behavior detected.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | SKILL.md:53 _write_config() saves API key to config |
| Network | READ | READ | ✓ Aligned | scripts/trendproof.py:84 _post() makes HTTP POST to trendproof.dev API |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell commands used |
| Environment | READ | READ | ✓ Aligned | scripts/trendproof.py:50 Reads TRENDPROOF_API_KEY |
7 findings
Medium External URL 外部 URL
https://trendproof.dev SKILL.md:17 Medium External URL 外部 URL
https://trendproof.dev/dashboard#keys** SKILL.md:32 Medium External URL 外部 URL
https://trendproof.dev/api/analyze SKILL.md:154 Medium External URL 外部 URL
https://trendproof.dev/api/related SKILL.md:160 Medium External URL 外部 URL
https://trendproof.dev/api/leaderboard?limit=10&sort=velocity SKILL.md:166 Medium External URL 外部 URL
https://trendproof.dev/dashboard#keys SKILL.md:195 Medium External URL 外部 URL
https://trendproof.dev; scripts/trendproof.py:21 File Tree
3 files · 18.9 KB · 570 lines Python 1f · 357L
Markdown 1f · 199L
JSON 1f · 14L
├─
▾
scripts
│ └─
trendproof.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library (urllib) - no external dependencies
✓ API key is stored locally in config file, never exfiltrated
✓ No shell execution or subprocess usage
✓ No obfuscation, base64 encoding, or suspicious patterns
✓ Error handling properly returns HTTP status codes
✓ Network requests limited to documented trendproof.dev endpoint
✓ Config file uses standard XDG path (~/.config/clawdbot/)