cjl-plugin 安全扫描报告 — 低风险 | ClawSafe

5 /100

cjl-plugin

CJL Skills Collection - 17 production skills for content creation, analysis, and media handling

This is a legitimate collection of 17 content creation and analysis skills with no malicious behavior detected. All declared capabilities match actual functionality.

技能名称cjl-plugin

分析耗时38.5s

引擎pi

✓

可以安装

This skill collection is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares Write tool usage for file generation
文件系统	`READ`	`READ`	✓ 一致	SKILL.md declares Read tool for template/file access
命令执行	`WRITE`	`WRITE`	✓ 一致	Bash declared for yt-dlp/curl commands and Python script execution
网络访问	`READ`	`READ`	✓ 一致	WebFetch declared for paper/research content retrieval

5 项发现

🔗

中危外部 URL 外部 URL

https://x.com/user/status/123456

skills/cjl-x-download/SKILL.md:21

🔗

中危外部 URL 外部 URL

https://twitter.com/user/status/123456

skills/cjl-x-download/SKILL.md:22

🔗

中危外部 URL 外部 URL

https://mobile.twitter.com/user/status/123456

skills/cjl-x-download/SKILL.md:23

🔗

中危外部 URL 外部 URL

https://pbs.twimg.com/media/xxx?format=jpg&name=orig

skills/cjl-x-download/SKILL.md:59

🔗

中危外部 URL 外部 URL

https://pbs.twimg.com/media/yyy?format=jpg&name=orig

skills/cjl-x-download/SKILL.md:60

目录结构

25 文件 · 126.8 KB · 3248 行

Markdown 23f · 2808L Python 2f · 440L

├─ ▾ 📁 skills

│ ├─ ▾ 📁 cjl-card

│ │ └─ 📝 SKILL.md Markdown 104L · 3.4 KB

│ ├─ ▾ 📁 cjl-invest

│ │ └─ 📝 SKILL.md Markdown 125L · 5.9 KB

│ ├─ ▾ 📁 cjl-learn

│ │ └─ 📝 SKILL.md Markdown 79L · 2.8 KB

│ ├─ ▾ 📁 cjl-paper

│ │ └─ 📝 SKILL.md Markdown 188L · 9.2 KB

│ ├─ ▾ 📁 cjl-paper-flow

│ │ └─ 📝 SKILL.md Markdown 62L · 2.3 KB

│ ├─ ▾ 📁 cjl-paper-river

│ │ └─ 📝 SKILL.md Markdown 155L · 6.7 KB

│ ├─ ▾ 📁 cjl-plain

│ │ └─ 📝 SKILL.md Markdown 105L · 4.6 KB

│ ├─ ▾ 📁 cjl-rank

│ │ └─ 📝 SKILL.md Markdown 43L · 2.0 KB

│ ├─ ▾ 📁 cjl-relationship

│ │ └─ 📝 SKILL.md Markdown 261L · 10.4 KB

│ ├─ ▾ 📁 cjl-roundtable

│ │ └─ 📝 SKILL.md Markdown 126L · 5.0 KB

│ ├─ ▾ 📁 cjl-skill-map

│ │ └─ 📝 SKILL.md Markdown 67L · 3.5 KB

│ ├─ ▾ 📁 cjl-slides

│ │ ├─ ▾ 📁 scripts

│ │ │ ├─ 🐍 extract-pptx.py Python 96L · 2.8 KB

│ │ │ └─ 🐍 html-to-pptx.py Python 344L · 11.7 KB

│ │ ├─ 📝 SKILL.md Markdown 339L · 14.3 KB

│ │ └─ 📝 STYLE_PREVIEWS.md Markdown 125L · 5.7 KB

│ ├─ ▾ 📁 cjl-travel

│ │ └─ 📝 SKILL.md Markdown 198L · 7.7 KB

│ ├─ ▾ 📁 cjl-word

│ │ └─ 📝 SKILL.md Markdown 41L · 1.3 KB

│ ├─ ▾ 📁 cjl-word-flow

│ │ └─ 📝 SKILL.md Markdown 63L · 1.8 KB

│ ├─ ▾ 📁 cjl-writes

│ │ └─ 📝 SKILL.md Markdown 246L · 11.5 KB

│ └─ ▾ 📁 cjl-x-download

│ └─ 📝 SKILL.md Markdown 81L · 2.5 KB

├─ 📝 CLAUDE.md Markdown 68L · 1.9 KB

├─ 📝 README_ja.md Markdown 83L · 2.8 KB

├─ 📝 README_zh.md Markdown 97L · 2.5 KB

├─ 📝 README.md Markdown 102L · 2.7 KB

└─ 📝 SKILL.md Markdown 50L · 1.8 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`python-pptx`	`unspecified`	pip	否	Used for PPTX conversion in cjl-slides; version should be pinned for reproducibility

安全亮点

✓ All capabilities properly declared in SKILL.md frontmatter

✓ Python scripts (html-to-pptx.py, extract-pptx.py) use only standard libraries plus python-pptx

✓ No credential harvesting or environment variable access for secrets

✓ No base64-encoded or obfuscated code detected

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ Media downloading (cjl-x-download) uses standard yt-dlp tool with user-provided URLs only

✓ Skill collection is purely documentation and content generation focused