panews 安全扫描报告 — 可信 | ClawSafe

5 /100

panews

Entry point for reading PANews cryptocurrency/blockchain news and market narratives

This is a pure-documentation PANews cryptocurrency news reading skill with no executable code present. All referenced files are markdown/YAML describing legitimate news-fetching workflows against the panewslab.com API.

技能名称panews

分析耗时36.8s

引擎pi

✓

可以安装

No action needed. The skill is safe but incomplete — the SKILL.md references a `scripts/cli.mjs` that does not exist in the package, making the skill non-functional.

安全发现 1 项

严重性	安全发现	位置
低危	Referenced CLI script does not exist SKILL.md declares 'node scripts/cli.mjs' as the execution entrypoint, but the package contains no scripts/ directory or any executable code. The skill is pure documentation and cannot function. `node {Skills Directory}/panews/scripts/cli.mjs <command> [options]` → Add the missing scripts/cli.mjs file to make the skill functional, or update SKILL.md to remove the CLI reference if this is meant to be a pure prompt-based skill.	`SKILL.md:53`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem access in any file
网络访问	`READ`	`READ`	✓ 一致	All network calls are GET requests to panewslab.com for news content
命令执行	`WRITE`	`NONE`	✓ 一致	SKILL.md references 'node cli.mjs' but scripts/cli.mjs does not exist — shell ac…
环境变量	`NONE`	`NONE`	—	No environment variable access in any file
技能调用	`NONE`	`NONE`	—	No skill invocation in any file
剪贴板	`NONE`	`NONE`	—	No clipboard access in any file
浏览器	`NONE`	`NONE`	—	No browser access in any file
数据库	`NONE`	`NONE`	—	No database access in any file

4 项发现

🔗

中危外部 URL 外部 URL

https://www.panewslab.com/

references/workflow-read-article.md:7

🔗

中危外部 URL 外部 URL

https://www.panewslab.com/zh/abc123def

references/workflow-read-article.md:10

🔗

中危外部 URL 外部 URL

https://panewslab.com/en/abc123def

references/workflow-read-article.md:11

🔗

中危外部 URL 外部 URL

https://www.panewslab.com/abc123def

references/workflow-read-article.md:12

目录结构

14 文件 · 19.0 KB · 531 行

Markdown 13f · 524L YAML 1f · 7L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 7L · 451 B

├─ ▾ 📁 references

│ ├─ 📝 workflow-calendar.md Markdown 33L · 1.2 KB

│ ├─ 📝 workflow-columns.md Markdown 31L · 928 B

│ ├─ 📝 workflow-events.md Markdown 40L · 1.3 KB

│ ├─ 📝 workflow-hooks.md Markdown 64L · 2.1 KB

│ ├─ 📝 workflow-latest-news.md Markdown 32L · 1022 B

│ ├─ 📝 workflow-read-article.md Markdown 30L · 954 B

│ ├─ 📝 workflow-search.md Markdown 41L · 1.4 KB

│ ├─ 📝 workflow-series.md Markdown 31L · 889 B

│ ├─ 📝 workflow-today-briefing.md Markdown 40L · 1.1 KB

│ ├─ 📝 workflow-topic-research.md Markdown 38L · 1.3 KB

│ ├─ 📝 workflow-topics.md Markdown 30L · 934 B

│ └─ 📝 workflow-trending.md Markdown 25L · 713 B

└─ 📝 SKILL.md Markdown 89L · 4.9 KB

安全亮点

✓ No executable code present — only documentation files

✓ No credential harvesting or environment variable access

✓ No base64/encoded payloads, eval, or shell command injection

✓ All network IOCs point to legitimate domain panewslab.com

✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)

✓ No data exfiltration or external IP communication

✓ No hidden HTML comments or steganographic payloads

✓ No dependency files with unpinned versions or known vulnerabilities

✓ No reverse shell, C2, or privilege escalation patterns