Low Risk — Risk Score 15/100
Last scan: 21 hr ago
deepread-pii
DeepRead PII Redaction - Redact PII from documents using AI-powered context-aware detection
Pure documentation skill describing external API integration for PII redaction. No malicious code or hidden functionality detected; all behavior is clearly documented.
Skill Name: deepread-pii
Duration: 25.4s
Engine: pi
Safe to install
This skill is safe to use. Ensure users understand that documents are uploaded to deepread.tech for processing (privacy consideration). No implementation files exist beyond documentation.

Findings 2 items

Severity Finding Location
Low
External data upload clearly documented Doc Mismatch
Documents are uploaded to api.deepread.tech for processing. This is prominently disclosed in the documentation and security notes section.
This skill instructs the agent to POST your file to https://api.deepread.tech
→ Users should be aware that sensitive documents leave their environment. No action required as behavior is disclosed.
SKILL.md:1
Low
Example API keys in documentation Doc Mismatch
SKILL.md contains sk_live_your_key_here (line 49) and sk_live_YOUR_KEY (line 369) as example placeholders. These are clearly example values, not real credentials.
API_KEY="sk_live_your_key_here"
→ No action needed — these are clearly example placeholders in documentation examples.
SKILL.md:49
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | NONE | ✓ Aligned | SKILL.md documents file upload capability but no code exists to exercise it |
| Network | READ | NONE | ✓ Aligned | SKILL.md describes API calls but no implementation code exists |
| Shell | NONE | NONE | | No shell commands in documentation |
| Environment | READ | NONE | ✓ Aligned | DEEPREAD_API_KEY access declared in metadata; no code present |

2 High 18 findings

| Severity | Type | Description | Match | Location |
|---|---|---|---|---|
| High | API Key | Suspected hardcoded credential | API_KEY="sk_live_your_key_here" | SKILL.md:49 |
| High | API Key | Suspected hardcoded credential | API_KEY = "sk_live_YOUR_KEY" | SKILL.md:369 |
| Medium | External URL | External URL | https://www.deepread.tech | SKILL.md:5 |
| Medium | External URL | External URL | https://api.deepread.tech | SKILL.md:21 |
| Medium | External URL | External URL | https://www.deepread.tech/privacy | SKILL.md:29 |
| Medium | External URL | External URL | https://www.deepread.tech/dashboard | SKILL.md:41 |
| Medium | External URL | External URL | https://www.deepread.tech/dashboard/?utm_source=clawhub | SKILL.md:44 |
| Medium | External URL | External URL | https://api.deepread.tech/v1/pii/redact | SKILL.md:73 |
| Medium | External URL | External URL | https://your-app.com/webhooks/pii | SKILL.md:76 |
| Medium | External URL | External URL | https://api.deepread.tech/v1/pii/550e8400-e29b-41d4-a716-446655440000 | SKILL.md:100 |
| Medium | External URL | External URL | https://...(signed | SKILL.md:122 |
| Medium | External URL | External URL | https://api.deepread.tech/v1/pii/JOB_ID | SKILL.md:466 |
| Medium | External URL | External URL | https://api.deepread.tech/v1/process | SKILL.md:478 |
| Medium | External URL | External URL | https://api.deepread.tech/v1/form-fill | SKILL.md:510 |
| Medium | External URL | External URL | https://www.deepread.tech/dashboard/billing?utm_source=clawhub | SKILL.md:588 |
| Info | Email | Email address | [email protected] | SKILL.md:229 |
| Info | Email | Email address | [email protected] | SKILL.md:230 |
| Info | Email | Email address | [email protected] | SKILL.md:639 |

File Tree

1 file · 20.0 KB · 643 lines
Markdown 1f · 643L
└─ 📝 SKILL.md Markdown 643L · 20.0 KB

Security Positives

✓ No executable code present — this is a pure documentation skill
✓ All external API calls to api.deepread.tech are clearly documented
✓ Security notes section explicitly addresses data handling and privacy
✓ Privacy policy link provided for user review
✓ No credential harvesting beyond user's own API key
✓ No obfuscation, base64, or anti-analysis techniques
✓ No filesystem modifications or system file access
✓ No suspicious network connections beyond declared API endpoint