Low risk (risk score 15/100)
Last scanned: 21 hours ago
deepread-pii
DeepRead PII Redaction - Redact PII from documents using AI-powered context-aware detection
Pure documentation skill describing external API integration for PII redaction. No malicious code or hidden functionality detected; all behavior is clearly documented.
Skill name: deepread-pii
Analysis time: 25.4s
Engine: pi
OK to install
This skill is safe to use. Ensure users understand that documents are uploaded to deepread.tech for processing (privacy consideration). No implementation files exist beyond documentation.

Security findings: 2

Severity | Finding | Location
Low
External data upload clearly documented (category: documentation deception)
Documents are uploaded to api.deepread.tech for processing. This is prominently disclosed in the documentation and security notes section.
This skill instructs the agent to POST your file to https://api.deepread.tech
→ Users should be aware that sensitive documents leave their environment. No action required as behavior is disclosed.
SKILL.md:1
Low
Example API keys in documentation (category: documentation deception)
SKILL.md contains sk_live_your_key_here (line 49) and sk_live_YOUR_KEY (line 369) as example placeholders. These are clearly example values, not real credentials.
API_KEY="sk_live_your_key_here"
→ No action needed — these are clearly example placeholders in documentation examples.
SKILL.md:49
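Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | NONE | ✓ Consistent | SKILL.md documents file upload capability but no code exists to exercise it
Network access | READ | NONE | ✓ Consistent | SKILL.md describes API calls but no implementation code exists
Command execution | NONE | NONE | | No shell commands in documentation
Environment variables | READ | NONE | ✓ Consistent | DEEPREAD_API_KEY access declared in metadata; no code present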
2 high severity · 18 findings
🔑 High · API key · Suspected hard-coded credential
API_KEY="sk_live_your_key_here"
SKILL.md:49
🔑 High · API key · Suspected hard-coded credential
API_KEY = "sk_live_YOUR_KEY"
SKILL.md:369
🔗 Medium · External URL
https://www.deepread.tech
SKILL.md:5
🔗 Medium · External URL
https://api.deepread.tech
SKILL.md:21
🔗 Medium · External URL
https://www.deepread.tech/privacy
SKILL.md:29
🔗 Medium · External URL
https://www.deepread.tech/dashboard
SKILL.md:41
🔗 Medium · External URL
https://www.deepread.tech/dashboard/?utm_source=clawhub
SKILL.md:44
🔗 Medium · External URL
https://api.deepread.tech/v1/pii/redact
SKILL.md:73
🔗 Medium · External URL
https://your-app.com/webhooks/pii
SKILL.md:76
🔗 Medium · External URL
https://api.deepread.tech/v1/pii/550e8400-e29b-41d4-a716-446655440000
SKILL.md:100
🔗 Medium · External URL
https://...(signed
SKILL.md:122
🔗 Medium · External URL
https://api.deepread.tech/v1/pii/JOB_ID
SKILL.md:466
🔗 Medium · External URL
https://api.deepread.tech/v1/process
SKILL.md:478
🔗 Medium · External URL
https://api.deepread.tech/v1/form-fill
SKILL.md:510
🔗 Medium · External URL
https://www.deepread.tech/dashboard/billing?utm_source=clawhub
SKILL.md:588
📧 Info · Email address
[email protected]
SKILL.md:229
📧 Info · Email address
[email protected]
SKILL.md:230
📧 Info · Email address
[email protected]
SKILL.md:639

Directory structure

1 file · 20.0 KB · 643 lines
Markdown 1f · 643L
└─ 📝 SKILL.md Markdown 643L · 20.0 KB

Security highlights

✓ No executable code present — this is a pure documentation skill
✓ All external API calls to api.deepread.tech are clearly documented
✓ Security notes section explicitly addresses data handling and privacy
✓ Privacy policy link provided for user review
✓ No credential harvesting beyond user's own API key
✓ No obfuscation, base64, or anti-analysis techniques
✓ No filesystem modifications or system file access
✓ No suspicious network connections beyond declared API endpoint