gpt-chat Security Report — Low Risk | ClawSafe

8 /100

gpt-chat

GPT聊天 - 使用GPT模型进行对话和内容生成

Legitimate GPT chat skill with declared network/environment access and no malicious behavior; minor doc-to-config mismatch on the default API proxy.

Skill Namegpt-chat

Duration35.7s

Enginepi

✓

Safe to install

Consider documenting the default api.openai-proxy.org proxy and pinning node version in package.json for reproducibility.

Findings 2 items

Severity	Finding	Location
Low	Undeclared default API proxy endpoint Doc Mismatch The skill's main script gpt.js defaults to api.openai-proxy.org as the API_BASE instead of the official api.openai.com, but SKILL.md only mentions OPENAI_API_KEY with no mention of the proxy or proxy configuration. The proxy URL can be overridden via OPENAI_API_BASE env var, but this is not documented. `const API_BASE = process.env.OPENAI_API_BASE \|\| 'https://api.openai-proxy.org';` → Document the OPENAI_API_BASE environment variable and the default proxy in SKILL.md, or default to api.openai.com for transparency.	`scripts/gpt.js:11`
Low	Non-existent GPT-5 model references Doc Mismatch The skill advertises GPT-5.2, GPT-5.1, and GPT-5 models with pricing tables in SKILL.md and code constants, but these models do not exist on the public OpenAI API. This is misleading documentation for a model-selector skill. `\| GPT-5.2 \| $1.75/1M tokens \| $14/1M tokens \| 最新旗舰模型 \|` → Use actual OpenAI model names (gpt-4o, gpt-4o-mini, gpt-4-turbo, etc.) or clearly note that these are fictional/demonstration models.	`SKILL.md:16`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ+WRITE`	✓ Aligned	SKILL.md:1 — script execution implies node access; gpt.js:state.json write; gene…
Network	`READ`	`READ`	✓ Aligned	gpt.js:36-62 — HTTPS POST to api.openai-proxy.org (or env-configured endpoint)
Environment	`READ`	`READ`	✓ Aligned	gpt.js:11 reads OPENAI_API_KEY and OPENAI_API_BASE from process.env
Shell	`NONE`	`NONE`	—	No shell/shutdown/exec calls; server.js uses Node.js process signals which are s…
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation found
Clipboard	`NONE`	`NONE`	—	Not accessed
Browser	`NONE`	`NONE`	—	Not accessed
Database	`NONE`	`NONE`	—	Not accessed

1 findings

🔗

Medium External URL 外部 URL

https://api.openai-proxy.org

scripts/gpt.js:11

File Tree

9 files · 14.1 KB · 530 lines

JavaScript 6f · 455L Markdown 1f · 60L JSON 2f · 15L

├─ ▾ 📁 scripts

│ ├─ 📜 generate-article.js JavaScript 73L · 1.9 KB

│ ├─ 📜 gpt.js JavaScript 136L · 3.9 KB

│ ├─ 📜 server.js JavaScript 130L · 3.6 KB

│ ├─ 📋 state.json JSON 2L · 31 B

│ ├─ 📜 test-chat.js JavaScript 49L · 1.2 KB

│ ├─ 📜 test-key.js JavaScript 31L · 817 B

│ └─ 📜 test.js JavaScript 36L · 754 B

├─ 📋 package.json JSON 13L · 338 B

└─ 📝 SKILL.md Markdown 60L · 1.5 KB

Security Positives

✓ No shell execution, reverse shells, or command injection patterns detected

✓ No credential harvesting beyond the declared OPENAI_API_KEY

✓ No base64-encoded payloads, eval(), or obfuscation techniques

✓ No sensitive file path access (~/.ssh, ~/.aws, .env) beyond state.json

✓ No data exfiltration or C2 communication patterns

✓ No supply chain risks — package.json has no external dependencies

✓ HTTPS used for all API calls with Bearer token authentication

✓ State persistence is local-only (state.json in scripts directory)

Scan Report

Findings 2 items

File Tree

Security Positives