Low risk (risk score 20/100)
Last scanned: 2 days ago
deep-research-engine
Autonomous deep research agent with multi-step web search, sub-agent delegation, and structured report generation
Deep research agent with legitimate web search, API-based content fetching, and file writing capabilities. The pre-flagged hardcoded IP (120.0.0.0) appears to be a placeholder/range notation, not active malicious code. No evidence of credential harvesting, data exfiltration, or undeclared functionality.
Skill name: deep-research-engine
Analysis time: 39.2s
Engine: pi
OK to install
Skill appears safe for use. The hardcoded IP notation should be replaced with a proper domain name or removed. Ensure API keys are stored securely and not logged.

Security findings: 3

Severity | Finding | Location
Low
Placeholder IP notation in pre-scan
Pre-scan flagged 120.0.0.0 at line 46, but code review shows no active IP connection. The notation appears to be a placeholder or was misidentified by the scanner. No actual connection to this IP occurs in the code.
resp = httpx.get(url, headers=headers, timeout=timeout, follow_redirects=True)
→ If 120.0.0.0 was intentional placeholder notation, replace with a proper domain name or remove. If a typo, no action needed.
backend/agent.py:46
Low
Undeclared filesystem write capability
SKILL.md does not explicitly declare filesystem:WRITE permission, but the agent writes reports to /final_report.md and /research_request.md as part of its core functionality.
## Workflow: ... Write a comprehensive report to `/final_report.md`
→ Add filesystem:WRITE to the skill's allowed-tools declaration or document the file writing scope.
SKILL.md:1
Info
Dependency version constraints
requirements.txt uses >= constraints without upper bounds, allowing potentially breaking changes to be installed automatically.
deepagents>=0.1.0
→ Consider pinning to specific versions for reproducible builds.
backend/requirements.txt:1
Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ Consistent | httpx.get() calls to fetch web content via declared Tavily API integration
Filesystem | NONE | WRITE | ✓ Consistent | Writes /final_report.md, /research_request.md - functional necessity, not hidden
Skill invocation | READ | READ | ✓ Consistent | Sub-agent delegation via create_deep_agent
Environment variables | READ | READ | ✓ Consistent | Reads TAVILY_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY for configuration
1 high severity · 2 findings
High · IP address · Hardcoded IP address
120.0.0.0
backend/agent.py:46
Medium · External URL · External URL
https://tavily.com/
README.md:46

Directory structure

4 files · 13.8 KB · 407 lines
Python 1f · 213L Markdown 2f · 187L Text 1f · 7L
├─ 📁 backend
│ ├─ 🐍 agent.py Python 213L · 7.8 KB
│ └─ 📄 requirements.txt Text 7L · 139 B
├─ 📝 README.md Markdown 93L · 3.0 KB
└─ 📝 SKILL.md Markdown 94L · 2.9 KB

Dependency analysis: 4 items

Package | Version | Source | Known vulnerabilities | Notes
deepagents | >=0.1.0 | pip | | Version not pinned, >= constraint allows updates
langchain | >=3.0.0 | pip | | Major version pinned, acceptable
tavily-python | >=0.5.0 | pip | | Version not pinned
httpx | >=0.27.0 | pip | | Well-maintained HTTP client library

Security highlights

✓ No credential harvesting detected - API keys are only read for configuration, not exfiltrated
✓ No base64-encoded payloads or obfuscated code execution
✓ No direct IP connections to suspicious endpoints
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No subprocess or shell execution without documentation
✓ Web requests use standard httpx library with proper headers and timeouts
✓ Tavily API integration is declared and appropriate for the research use case
✓ Sub-agent architecture is documented in SKILL.md