Trusted: risk score 5/100
Last scanned: 22 hours ago
ai-image-generator
Asynchronous AI image and video generation skill; calls the AI Artist API to generate images or videos from text prompts.
Legitimate AI image/video generation skill that safely wraps an external API with no malicious behavior detected.
Skill name: ai-image-generator
Analysis time: 30.1s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | Only reads user-provided files for upload and writes generated images to specifi…
Network access | READ | READ | ✓ Consistent | All network requests are to documented API endpoints (staging.kocgo.vip)
Command execution | NONE | NONE | | No subprocess, os.system, or shell execution found
Environment variables | READ | READ | ✓ Consistent | Reads AI_ARTIST_TOKEN and FEISHU_WEBHOOK_URL for legitimate API authentication
8 findings

Medium | External URL | https://staging.kocgo.vip/index | README.md:9
Medium | External URL | https://staging.kocgo.vip/stage-api/system/fileUpload/upload | SKILL.md:64
Medium | External URL | https://kocgo-ai-sales-test.oss-cn-hangzhou.aliyuncs.com/material/100/xxx.png | SKILL.md:75
Medium | External URL | https://open.feishu.cn/open-apis/bot/v2/hook/xxx | SKILL.md:515
Medium | External URL | https://staging.kocgo.vip/stage-api/ai/AiArtistRecord | references/api.md:103
Medium | External URL | https://staging.kocgo.vip/stage-api/ai/AiArtistImage/getInfoByArtistId/ | references/api.md:123
Medium | External URL | https://your-cdn.com/image.png | references/feishu-integration.md:84
Medium | External URL | https://staging.kocgo.vip/stage-api/ai | scripts/generate_image.py:25

Directory structure

7 files · 62.6 KB · 1959 lines
Python: 1 file · 1008 lines; Markdown: 5 files · 946 lines; JSON: 1 file · 5 lines
├─ 📁 references
│ ├─ 📝 api.md Markdown 125L · 3.0 KB
│ ├─ 📝 chat-integration.md Markdown 69L · 1.8 KB
│ └─ 📝 feishu-integration.md Markdown 159L · 4.2 KB
├─ 📁 scripts
│ └─ 🐍 generate_image.py Python 1008L · 36.3 KB
├─ 📋 _meta.json JSON 5L · 148 B
├─ 📝 README.md Markdown 72L · 1.5 KB
└─ 📝 SKILL.md Markdown 521L · 15.7 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | | No version pinning, but requests is a widely used, stable library

Security highlights

✓ Clean, readable Python code with no obfuscation
✓ Comprehensive documentation matches implementation
✓ No shell execution or command injection vulnerabilities
✓ API key only used locally for authentication to the external service
✓ File operations limited to user-specified paths for reference image upload and output
✓ All network requests go to clearly documented API endpoints
✓ No credential harvesting beyond the user's own API key
✓ No sensitive path access (no ~/.ssh, ~/.aws, or .env file reading)
✓ Optional Feishu webhook notification is clearly documented and user-controlled