扫描报告
5 /100
TrendProof
Query TrendProof (trendproof.dev) for keyword trend velocity scores
TrendProof is a legitimate keyword trend analysis tool that makes authenticated API calls to trendproof.dev using only Python standard library, with no malicious behavior detected.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | WRITE | ✓ 一致 | SKILL.md:53 _write_config() saves API key to config |
| 网络访问 | READ | READ | ✓ 一致 | scripts/trendproof.py:84 _post() makes HTTP POST to trendproof.dev API |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell commands used |
| 环境变量 | READ | READ | ✓ 一致 | scripts/trendproof.py:50 Reads TRENDPROOF_API_KEY |
7 项发现
中危 外部 URL 外部 URL
https://trendproof.dev SKILL.md:17 中危 外部 URL 外部 URL
https://trendproof.dev/dashboard#keys** SKILL.md:32 中危 外部 URL 外部 URL
https://trendproof.dev/api/analyze SKILL.md:154 中危 外部 URL 外部 URL
https://trendproof.dev/api/related SKILL.md:160 中危 外部 URL 外部 URL
https://trendproof.dev/api/leaderboard?limit=10&sort=velocity SKILL.md:166 中危 外部 URL 外部 URL
https://trendproof.dev/dashboard#keys SKILL.md:195 中危 外部 URL 外部 URL
https://trendproof.dev; scripts/trendproof.py:21 目录结构
3 文件 · 18.9 KB · 570 行 Python 1f · 357L
Markdown 1f · 199L
JSON 1f · 14L
├─
▾
scripts
│ └─
trendproof.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ Uses only Python standard library (urllib) - no external dependencies
✓ API key is stored locally in config file, never exfiltrated
✓ No shell execution or subprocess usage
✓ No obfuscation, base64 encoding, or suspicious patterns
✓ Error handling properly returns HTTP status codes
✓ Network requests limited to documented trendproof.dev endpoint
✓ Config file uses standard XDG path (~/.config/clawdbot/)