Trusted (risk score 5/100)
Last scanned: 2 days ago
oasis-audio
AI audio narration generator that reads local conversation history and sends composed anonymized text prompts to xplai.ai for audio generation
Oasis Audio is a well-designed audio generation skill with strong data-safety controls, explicit content sanitization, and no evidence of credential harvesting, remote code execution, or data exfiltration beyond its declared API endpoint.
Skill name: oasis-audio
Analysis time: 36.9s
Engine: pi
Safe to install
Approve for use. No security concerns require mitigation.

Security findings: 2

Severity: Low
Finding: Audit log write not declared in SKILL.md
xplai_gen_audio.py writes an audit.log file locally. SKILL.md declares filesystem:READ only. The write is benign (local, on-demand, debug-optional), but not documented.
with open(AUDIT_LOG_PATH, 'a', encoding='utf-8') as f:
→ Add 'filesystem:WRITE' for audit.log or gate writes behind a flag to avoid local filesystem side effects.
Location: xplai_gen_audio.py:44

Severity: Low
Finding: Network scope wording mismatch
SKILL.md describes network access as HTTPS requests (read-like framing) but the actual operation is POST/GET which sends data. Declared 'READ' but operates as 'WRITE' for the audio generation step.
Network: HTTPS requests to xplai.ai only
→ Clarify that the skill sends composed text prompts to xplai.ai (network:WRITE) rather than reading from it.
Location: SKILL.md:158
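
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ+WRITE | ✓ Consistent | xplai_gen_audio.py:44 - AUDIT_LOG_PATH write; debug_utils.py debug logging |
| Network access | READ | WRITE | ✓ Consistent | xplai_gen_audio.py:75 - POST requests send text payload to xplai.ai; SKILL.md co… |
| Command execution | NONE | NONE | | No subprocess, os.system, or shell execution found |
| Environment variables | NONE | NONE | | No os.environ iteration or credential access |
| Skill invocation | NONE | NONE | | No nested skill invocation |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |
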
3 findings
Medium · External URL · https://eagle-api.xplai.ai · SKILL.md:3
Medium · External URL · https://www.xplai.ai/ · SKILL.md:26
Medium · External URL · https://www.xplai.ai/#/video/ · xplai_status.py:55

Directory structure

7 files · 47.4 KB · 1063 lines
Python 4f · 683L Markdown 3f · 380L
├─ 📝 audio_modes.md Markdown 45L · 3.0 KB
├─ 🐍 context_collector.py Python 393L · 12.9 KB
├─ 🐍 debug_utils.py Python 52L · 1.4 KB
├─ 📝 SKILL.md Markdown 200L · 11.5 KB
├─ 📝 text_architecture.md Markdown 135L · 10.3 KB
├─ 🐍 xplai_gen_audio.py Python 154L · 5.4 KB
└─ 🐍 xplai_status.py Python 84L · 2.9 KB

Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| Python stdlib only | N/A | stdlib | | Uses only http.client, json, re, pathlib, datetime, argparse — no third-party packages |

Security highlights

✓ Active content sanitization: SENSITIVE_PATTERNS regexes block API keys, passwords, SSH keys, Bearer tokens, emails, and file paths from being sent to the API
✓ Strict data scoping: Only composed text prompts (anonymized ~1000 chars) are transmitted; raw conversation history, session files, and USER.md are never sent externally
✓ No credential access: No API key storage, no environment variable enumeration, no ~/.ssh or ~/.aws path access
✓ No shell execution: No subprocess, os.system, eval, base64 piping, or curl|bash patterns found anywhere
✓ Sensitive scene classification: Health, financial, legal, and relationship topics extract emotional tone only — specifics are never quoted
✓ Local-only context collection: context_collector.py operates entirely on-device with read-only session access
✓ No third-party telemetry or analytics
✓ No hardcoded secrets or embedded tokens in any file
✓ Version-agnostic stdlib-only dependencies (http.client, json, re, pathlib)