contentclaw 安全扫描报告 — 低风险 | ClawSafe

22 /100

contentclaw

Turn papers, podcasts, and case studies into publish-ready social posts, infographics, and diagrams

A legitimate content generation skill with well-scoped permissions, no credential theft, and no hidden malicious behavior; the only notable concern is a documented curl|sh installation pattern for a known tool (uv).

技能名称contentclaw

分析耗时54.3s

引擎pi

✓

可以安装

Approve for use. Consider pinning dependency versions in pyproject.toml to reduce supply chain risk. The curl|sh command is a documented installation step and involves a well-known tool (Astral's uv), but users should be aware of the pattern.

安全发现 4 项

严重性	安全发现	位置
中危	Documented curl\|sh installation pattern 代码执行 SKILL.md instructs `curl -LsSf https://astral.sh/uv/install.sh \| sh` to install the uv package manager. While documented and involving a known reputable tool (Astral), pipe-to-bash remains a high-risk pattern that should be avoided when possible. `curl -LsSf https://astral.sh/uv/install.sh \| sh` → Prefer Homebrew (macOS) or pipx installation methods which are safer. If curl\|sh must be used, always review the script at the URL first.	`SKILL.md:56`
低危	Unpinned dependency versions 供应链 All dependencies in pyproject.toml use >= lower bounds without upper limits, allowing any version including potentially malicious updates to be pulled. `httpx>=0.27, pymupdf>=1.24, readabilipy>=0.2, playwright>=1.49, fal-client>=0.5, exa-py>=1.0` → Pin to known-good versions or use a lock file (uv.lock) to ensure reproducible and secure builds.	`pyproject.toml:10`
低危	False-positive IP address flagged in pre-scan 敏感访问 The pre-scan flagged '131.0.0.0' in browser.py:17 as a hardcoded IP. Inspection reveals it is a User-Agent browser version string (Chrome/131.0.0.0), not an IP address. This is a false positive. `USER_AGENT = "Mozilla/5.0 ... Chrome/131.0.0.0 Safari/537.36"` → No action needed; pre-scan rule should be refined to distinguish User-Agent version strings from IP addresses.	`scripts/browser.py:17`
提示	SKILL.md declares allowed-tools but capability mapping is mostly aligned 文档欺骗 allowed-tools declares Bash, Read, Write, Edit, Glob, Grep, AskUserQuestion. The skill actually uses shell:WRITE (uv run), filesystem:READ/WRITE (scoped to BASE_DIR), network:READ (API calls), environment:READ (scoped .env), browser:READ (Playwright). No Edit tool usage was found in the scripts. `allowed-tools: Bash, Read, Write, Edit, Glob, Grep, AskUserQuestion` → Update allowed-tools to accurately reflect browser usage (Playwright) or document it as a prerequisite.	`SKILL.md:34`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`WRITE`	✓ 一致	SKILL.md declares Read/Write/Edit tools but Write usage is scoped to BASE_DIR co…
网络访问	`READ`	`READ`	✓ 一致	Makes outbound API calls to fal.ai and exa.ai (documented), no inbound listeners
命令执行	`WRITE`	`WRITE`	✓ 一致	Uses uv run for subprocess execution; curl\|sh documented in SKILL.md line 56
环境变量	`NONE`	`READ`	✓ 一致	Scoped .env loading of FAL_KEY and EXA_API_KEY in env.py, discover_topics.py, ge…
技能调用	`NONE`	`READ`	✓ 一致	Skill invokes itself via recipe execution pattern; no privilege escalation
剪贴板	`NONE`	`NONE`	—	No clipboard access found
浏览器	`NONE`	`READ`	✓ 一致	Playwright headless browser used for extraction; declared in install prerequisit…
数据库	`NONE`	`NONE`	—	No database access

1 严重 1 高危 20 项发现

💀

严重危险命令危险 Shell 命令

curl -LsSf https://astral.sh/uv/install.sh | sh

SKILL.md:56

📡

高危 IP 地址硬编码 IP 地址

131.0.0.0

scripts/browser.py:17

🔗

中危外部 URL 外部 URL

https://docs.astral.sh/uv/

SKILL.md:53

🔗

中危外部 URL 外部 URL

https://astral.sh/uv/install.sh

SKILL.md:56

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/HowToAIAgent/comments/1rfo5i7/i_opensourced_my_kindle_publishing_pipeline_with/

recipes/demo-diagram-breakdown.yaml:50

🔗

中危外部 URL 外部 URL

https://www.linkedin.com/posts/romejgeorgio_the-start-of-machine-to-machine-marketing-activity-7430322995220459520-gU7Q

recipes/paper-breakdown-insight.yaml:49

🔗

中危外部 URL 外部 URL

https://x.com/omarsar0/status/2030403147588604376

recipes/paper-breakdown-insight.yaml:63

🔗

中危外部 URL 外部 URL

https://x.com/omarsar0/status/2029926242640912429

recipes/paper-breakdown-insight.yaml:64

🔗

中危外部 URL 外部 URL

https://www.linkedin.com/posts/romejgeorgio_llms-are-curating-reality-x-open-sourcing-activity-7419815247869333504-l-KW

recipes/podcast-insight.yaml:51

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/gtmengineering/comments/1q805wm/how_were_personalising_cold_emails_at_scale_in/

recipes/reddit-short-case-study.yaml:49

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/aiagents/comments/1rctr3d/agents_are_getting_more_powerful_every_day_here/

recipes/what-you-might-have-missed.yaml:52

🔗

中危外部 URL 外部 URL

https://www.reddit.com/r/aiagents/comments/1r6jo63/its_been_a_big_week_for_agentic_ai_here_are_10/

recipes/what-you-might-have-missed.yaml:53

🔗

中危外部 URL 外部 URL

https://arxiv.org/abs/2401.04088

tests/test_extract.py:33

🔗

中危外部 URL 外部 URL

https://arxiv.org/pdf/2401.04088

tests/test_extract.py:34

🔗

中危外部 URL 外部 URL

https://reddit.com/r/test/comments/abc

tests/test_extract.py:35

🔗

中危外部 URL 外部 URL

https://x.com/user/status/123

tests/test_extract.py:37

🔗

中危外部 URL 外部 URL

https://twitter.com/user/status/123

tests/test_extract.py:38

🔗

中危外部 URL 外部 URL

https://youtube.com/watch?v=abc

tests/test_extract.py:41

🔗

中危外部 URL 外部 URL

https://lilianweng.github.io/posts/2024-02-05-human-data-quality/

tests/test_extract.py:55

🔗

中危外部 URL 外部 URL

https://thisdoesnotexist.example.com

tests/test_extract.py:74

目录结构

46 文件 · 101.9 KB · 2923 行

Markdown 15f · 1241L Python 8f · 1172L YAML 22f · 487L TOML 1f · 23L

├─ ▾ 📁 agents

│ ├─ 📝 breakdown.md Markdown 51L · 1.8 KB

│ ├─ 📝 caption.md Markdown 39L · 1.4 KB

│ ├─ 📝 case-study.md Markdown 56L · 2.0 KB

│ ├─ 📝 diagram.md Markdown 59L · 2.0 KB

│ ├─ 📝 infographic.md Markdown 58L · 2.0 KB

│ ├─ 📝 insight-post.md Markdown 53L · 2.2 KB

│ ├─ 📝 poster.md Markdown 51L · 1.7 KB

│ ├─ 📝 reddit-human.md Markdown 72L · 3.8 KB

│ └─ 📝 roundup.md Markdown 49L · 1.8 KB

├─ ▾ 📁 brand-graphs

│ └─ ▾ 📁 templates

│ ├─ ▾ 📁 ai-ml

│ │ ├─ 📋 audience.yaml YAML 13L · 313 B

│ │ ├─ 📋 feedback.yaml YAML 1L · 13 B

│ │ ├─ 📋 identity.yaml YAML 6L · 218 B

│ │ ├─ 📋 strategy.yaml YAML 9L · 220 B

│ │ └─ 📋 visual.yaml YAML 2L · 49 B

│ ├─ ▾ 📁 dev-tools

│ │ ├─ 📋 audience.yaml YAML 13L · 293 B

│ │ ├─ 📋 feedback.yaml YAML 1L · 13 B

│ │ ├─ 📋 identity.yaml YAML 6L · 196 B

│ │ ├─ 📋 strategy.yaml YAML 8L · 214 B

│ │ └─ 📋 visual.yaml YAML 2L · 49 B

│ └─ ▾ 📁 saas-b2b

│ ├─ 📋 audience.yaml YAML 13L · 311 B

│ ├─ 📋 feedback.yaml YAML 1L · 13 B

│ ├─ 📋 identity.yaml YAML 6L · 228 B

│ ├─ 📋 strategy.yaml YAML 8L · 194 B

│ └─ 📋 visual.yaml YAML 2L · 49 B

├─ ▾ 📁 recipes

│ ├─ 📋 _schema.yaml YAML 44L · 2.0 KB

│ ├─ 📋 demo-diagram-breakdown.yaml YAML 64L · 1.7 KB

│ ├─ 📋 news-event-poster.yaml YAML 59L · 1.4 KB

│ ├─ 📋 paper-breakdown-insight.yaml YAML 64L · 1.9 KB

│ ├─ 📋 podcast-insight.yaml YAML 63L · 1.7 KB

│ ├─ 📋 reddit-short-case-study.yaml YAML 49L · 1.4 KB

│ └─ 📋 what-you-might-have-missed.yaml YAML 53L · 1.6 KB

├─ ▾ 📁 references

│ ├─ 📝 brand.md Markdown 36L · 1.3 KB

│ ├─ 📝 create-recipe.md Markdown 29L · 1.5 KB

│ ├─ 📝 run-recipe.md Markdown 59L · 2.7 KB

│ └─ 📝 topics.md Markdown 20L · 700 B

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 extractors

│ │ └─ 🐍 extract.py Python 295L · 8.4 KB

│ ├─ 🐍 browser.py Python 40L · 1.2 KB

│ ├─ 🐍 discover_topics.py Python 223L · 6.6 KB

│ ├─ 🐍 env.py Python 22L · 733 B

│ └─ 🐍 generate_image.py Python 287L · 9.4 KB

├─ ▾ 📁 tests

│ ├─ 🐍 test_extract.py Python 85L · 3.1 KB

│ ├─ 🐍 test_image_gen.py Python 91L · 2.7 KB

│ └─ 🐍 test_recipes.py Python 129L · 4.4 KB

├─ 📄 pyproject.toml TOML 23L · 431 B

├─ 📝 SKILL.md Markdown 508L · 21.0 KB

└─ 📝 TODOS.md Markdown 101L · 5.4 KB

依赖分析 6 项

包名	版本	来源	已知漏洞	备注
`httpx`	`>=0.27`	pip	否	Version not pinned
`pymupdf`	`>=1.24`	pip	否	Version not pinned
`readabilipy`	`>=0.2`	pip	否	Version not pinned; less widely-used package
`playwright`	`>=1.49`	pip	否	Version not pinned
`fal-client`	`>=0.5`	pip	否	Version not pinned
`exa-py`	`>=1.0`	pip	否	Version not pinned

安全亮点

✓ Scoped .env loading — only FAL_KEY and EXA_API_KEY are loaded, preventing credential over-exposure

✓ Strong file scoping — SKILL.md explicitly restricts reads/writes to BASE_DIR only

✓ No credential theft — no iteration over os.environ, no access to ~/.ssh, ~/.aws, or other sensitive paths

✓ No exfiltration — extracted content is processed locally; external API calls only send condensed specs and search queries

✓ No obfuscation — no base64-encoded strings, eval(), or dynamic code generation

✓ No persistence mechanisms — no cron jobs, startup hooks, or backdoor installation

✓ No C2 communication — no hardcoded IPs for command-and-control

✓ Legitimate toolchain — uses well-known, reputable services (fal.ai, exa.ai, Playwright, Astral uv)

✓ Transparent data flow — SKILL.md documents all external API calls and browser automation clearly