Name: md-wechat Security Report — Trusted | ClawSafe
Item: md-wechat
Rating: 95
Author: ClawSafe

This report was generated in Chinese. Some content may be in Chinese.

5 /100

md-wechat

将 Markdown 文档转换为微信公众号格式的技能

这是一个标准的 Markdown 转微信公众号格式工具，代码质量良好，无恶意行为，所有能力均已在文档中声明。

Skill Namemd-wechat

Duration37.8s

Enginepi

ClawHub Md Wechat v0.1.1 by italks

📥 199 📦 1 ⭐ 1

ClawHub Verdict Suspicious dangerous_execdynamic_code_executionvt_suspicious

✓

Safe to install

可安全使用。自动安装依赖机制存在供应链风险，建议在隔离环境中运行。

Findings 1 items

Severity	Finding	Location
Low	依赖版本未精确锁定 Supply Chain package.json 中所有依赖使用 ^ 范围版本锁定（如 ^12.0.0），而非精确版本，存在依赖供应链风险 `"marked": "^12.0.0"` → 建议使用精确版本（如 [email protected]）或固定 package-lock.json 版本	`package.json:13`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ,WRITE`	`READ,WRITE`	✓ Aligned	SKILL.md:150 读取MD文件, scripts/convert.js:860 写入HTML
Network	`READ`	`READ`	✓ Aligned	加载CDN资源用于highlight.js/KaTeX/Mermaid
Shell	`WRITE`	`WRITE`	✓ Aligned	scripts/convert.js:830 execSync npm install, SKILL.md:77 声明自动安装机制

175 findings

🔗

Medium External URL 外部 URL

https://marked.js.org/

README.md:234

🔗

Medium External URL 外部 URL

https://katex.org/

README.md:235

🔗

Medium External URL 外部 URL

https://highlightjs.org/

README.md:236

🔗

Medium External URL 外部 URL

https://mermaid.js.org/

README.md:237

🔗

Medium External URL 外部 URL

https://cdn.npmmirror.com/mirrors

SKILL.md:336

🔗

Medium External URL 外部 URL

https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com/npm/highlightjs/11.11.1/styles/atom-one-dark.min.css

md-config.json:12

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@babel/code-frame/-/code-frame-7.29.0.tgz

package-lock.json:31

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz

package-lock.json:45

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz

package-lock.json:54

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz

package-lock.json:64

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@jridgewell/source-map/-/source-map-0.3.11.tgz

package-lock.json:73

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz

package-lock.json:83

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz

package-lock.json:89

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@puppeteer/browsers/-/browsers-2.3.0.tgz

package-lock.json:99

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz

package-lock.json:121

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@types/node/-/node-25.5.0.tgz

package-lock.json:127

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@types/yauzl/-/yauzl-2.10.3.tgz

package-lock.json:137

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/acorn/-/acorn-8.16.0.tgz

package-lock.json:147

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/agent-base/-/agent-base-7.1.4.tgz

package-lock.json:159

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ansi-colors/-/ansi-colors-4.1.3.tgz

package-lock.json:168

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ansi-regex/-/ansi-regex-5.0.1.tgz

package-lock.json:177

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ansi-styles/-/ansi-styles-4.3.0.tgz

package-lock.json:186

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/argparse/-/argparse-2.0.1.tgz

package-lock.json:201

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ast-types/-/ast-types-0.13.4.tgz

package-lock.json:207

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/b4a/-/b4a-1.8.0.tgz

package-lock.json:219

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bare-events/-/bare-events-2.8.2.tgz

package-lock.json:233

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bare-fs/-/bare-fs-4.5.5.tgz

package-lock.json:247

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bare-os/-/bare-os-3.7.1.tgz

package-lock.json:271

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bare-path/-/bare-path-3.0.0.tgz

package-lock.json:280

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bare-stream/-/bare-stream-2.8.1.tgz

package-lock.json:289

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bare-url/-/bare-url-2.3.2.tgz

package-lock.json:311

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/base64-js/-/base64-js-1.5.1.tgz

package-lock.json:320

🔗

Medium External URL 外部 URL

https://www.patreon.com/feross

package-lock.json:329

🔗

Medium External URL 外部 URL

https://feross.org/support

package-lock.json:333

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/basic-ftp/-/basic-ftp-5.2.0.tgz

package-lock.json:340

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/boolbase/-/boolbase-1.0.0.tgz

package-lock.json:349

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/buffer/-/buffer-5.7.1.tgz

package-lock.json:355

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz

package-lock.json:379

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/buffer-from/-/buffer-from-1.1.2.tgz

package-lock.json:388

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/callsites/-/callsites-3.1.0.tgz

package-lock.json:394

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/camel-case/-/camel-case-4.1.2.tgz

package-lock.json:403

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/chalk/-/chalk-5.6.2.tgz

package-lock.json:413

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cheerio/-/cheerio-1.0.0-rc.12.tgz

package-lock.json:425

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cheerio-select/-/cheerio-select-2.1.0.tgz

package-lock.json:446

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/chromium-bidi/-/chromium-bidi-0.6.3.tgz

package-lock.json:463

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/clean-css/-/clean-css-5.3.3.tgz

package-lock.json:477

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cliui/-/cliui-8.0.1.tgz

package-lock.json:489

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/color-convert/-/color-convert-2.0.1.tgz

package-lock.json:503

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/color-name/-/color-name-1.1.4.tgz

package-lock.json:515

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/commander/-/commander-12.1.0.tgz

package-lock.json:521

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cosmiconfig/-/cosmiconfig-9.0.1.tgz

package-lock.json:530

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/css-select/-/css-select-5.2.2.tgz

package-lock.json:556

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/css-what/-/css-what-6.2.2.tgz

package-lock.json:572

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz

package-lock.json:584

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/debug/-/debug-4.4.3.tgz

package-lock.json:593

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/degenerator/-/degenerator-5.0.1.tgz

package-lock.json:610

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/devtools-protocol/-/devtools-protocol-0.0.1312386.tgz

package-lock.json:624

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/dom-serializer/-/dom-serializer-2.0.0.tgz

package-lock.json:630

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/domelementtype/-/domelementtype-2.3.0.tgz

package-lock.json:644

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/domhandler/-/domhandler-5.0.3.tgz

package-lock.json:656

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/domutils/-/domutils-3.2.2.tgz

package-lock.json:671

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/dot-case/-/dot-case-3.0.4.tgz

package-lock.json:685

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/emoji-regex/-/emoji-regex-8.0.0.tgz

package-lock.json:695

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/end-of-stream/-/end-of-stream-1.4.5.tgz

package-lock.json:701

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/entities/-/entities-4.5.0.tgz

package-lock.json:710

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/env-paths/-/env-paths-2.2.1.tgz

package-lock.json:722

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/error-ex/-/error-ex-1.3.4.tgz

package-lock.json:731

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/escalade/-/escalade-3.2.0.tgz

package-lock.json:740

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/escape-goat/-/escape-goat-3.0.0.tgz

package-lock.json:749

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/escodegen/-/escodegen-2.1.0.tgz

package-lock.json:761

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/esprima/-/esprima-4.0.1.tgz

package-lock.json:782

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/estraverse/-/estraverse-5.3.0.tgz

package-lock.json:795

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/esutils/-/esutils-2.0.3.tgz

package-lock.json:804

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/events-universal/-/events-universal-1.0.1.tgz

package-lock.json:813

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/extract-zip/-/extract-zip-2.0.1.tgz

package-lock.json:822

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fast-fifo/-/fast-fifo-1.3.2.tgz

package-lock.json:842

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fd-slicer/-/fd-slicer-1.1.0.tgz

package-lock.json:848

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-caller-file/-/get-caller-file-2.0.5.tgz

package-lock.json:857

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-stream/-/get-stream-5.2.0.tgz

package-lock.json:866

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-uri/-/get-uri-6.0.5.tgz

package-lock.json:881

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/highlight.js/-/highlight.js-11.11.1.tgz

package-lock.json:895

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz

package-lock.json:904

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/commander/-/commander-10.0.1.tgz

package-lock.json:925

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/htmlparser2/-/htmlparser2-8.0.2.tgz

package-lock.json:934

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz

package-lock.json:953

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz

package-lock.json:966

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ieee754/-/ieee754-1.2.1.tgz

package-lock.json:979

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/import-fresh/-/import-fresh-3.3.1.tgz

package-lock.json:999

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ip-address/-/ip-address-10.1.0.tgz

package-lock.json:1015

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/is-arrayish/-/is-arrayish-0.2.1.tgz

package-lock.json:1024

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz

package-lock.json:1030

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/js-tokens/-/js-tokens-4.0.0.tgz

package-lock.json:1039

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/js-yaml/-/js-yaml-4.1.1.tgz

package-lock.json:1045

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz

package-lock.json:1057

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/juice/-/juice-10.0.1.tgz

package-lock.json:1063

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/commander/-/commander-6.2.1.tgz

package-lock.json:1082

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/katex/-/katex-0.16.38.tgz

package-lock.json:1091

🔗

Medium External URL 外部 URL

https://opencollective.com/katex

package-lock.json:1094

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/commander/-/commander-8.3.0.tgz

package-lock.json:1107

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/lines-and-columns/-/lines-and-columns-1.2.4.tgz

package-lock.json:1116

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/lower-case/-/lower-case-2.0.2.tgz

package-lock.json:1122

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/lru-cache/-/lru-cache-7.18.3.tgz

package-lock.json:1131

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/marked/-/marked-12.0.2.tgz

package-lock.json:1140

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/marked-highlight/-/marked-highlight-2.2.3.tgz

package-lock.json:1152

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mensch/-/mensch-0.3.4.tgz

package-lock.json:1161

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mime/-/mime-2.6.0.tgz

package-lock.json:1167

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mitt/-/mitt-3.0.1.tgz

package-lock.json:1179

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ms/-/ms-2.1.3.tgz

package-lock.json:1185

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/netmask/-/netmask-2.0.2.tgz

package-lock.json:1191

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/no-case/-/no-case-3.0.4.tgz

package-lock.json:1200

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/node-fetch/-/node-fetch-2.7.0.tgz

package-lock.json:1210

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/nth-check/-/nth-check-2.1.1.tgz

package-lock.json:1230

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/once/-/once-1.4.0.tgz

package-lock.json:1242

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/pac-proxy-agent/-/pac-proxy-agent-7.2.0.tgz

package-lock.json:1251

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/pac-resolver/-/pac-resolver-7.0.1.tgz

package-lock.json:1270

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/param-case/-/param-case-3.0.4.tgz

package-lock.json:1283

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/parent-module/-/parent-module-1.0.1.tgz

package-lock.json:1293

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/parse-json/-/parse-json-5.2.0.tgz

package-lock.json:1305

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/parse5/-/parse5-7.3.0.tgz

package-lock.json:1323

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz

package-lock.json:1335

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/entities/-/entities-6.0.1.tgz

package-lock.json:1348

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/pascal-case/-/pascal-case-3.1.2.tgz

package-lock.json:1360

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/pend/-/pend-1.2.0.tgz

package-lock.json:1370

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/picocolors/-/picocolors-1.1.1.tgz

package-lock.json:1376

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/progress/-/progress-2.0.3.tgz

package-lock.json:1382

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/proxy-agent/-/proxy-agent-6.5.0.tgz

package-lock.json:1391

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz

package-lock.json:1410

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/pump/-/pump-3.0.4.tgz

package-lock.json:1416

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/puppeteer/-/puppeteer-22.15.0.tgz

package-lock.json:1426

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/puppeteer-core/-/puppeteer-core-22.15.0.tgz

package-lock.json:1446

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/relateurl/-/relateurl-0.2.7.tgz

package-lock.json:1462

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/require-directory/-/require-directory-2.1.1.tgz

package-lock.json:1471

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/resolve-from/-/resolve-from-4.0.0.tgz

package-lock.json:1480

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/semver/-/semver-7.7.4.tgz

package-lock.json:1489

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/slick/-/slick-1.12.2.tgz

package-lock.json:1501

🔗

Medium External URL 外部 URL

http://mootools.net/license.txt

package-lock.json:1503

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/smart-buffer/-/smart-buffer-4.2.0.tgz

package-lock.json:1510

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/socks/-/socks-2.8.7.tgz

package-lock.json:1520

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz

package-lock.json:1534

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/source-map/-/source-map-0.6.1.tgz

package-lock.json:1548

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/source-map-support/-/source-map-support-0.5.21.tgz

package-lock.json:1557

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/streamx/-/streamx-2.23.0.tgz

package-lock.json:1567

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/string-width/-/string-width-4.2.3.tgz

package-lock.json:1578

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/strip-ansi/-/strip-ansi-6.0.1.tgz

package-lock.json:1592

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/tar-fs/-/tar-fs-3.1.2.tgz

package-lock.json:1604

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/tar-stream/-/tar-stream-3.1.8.tgz

package-lock.json:1618

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/teex/-/teex-1.0.1.tgz

package-lock.json:1630

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/terser/-/terser-5.46.0.tgz

package-lock.json:1639

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/commander/-/commander-2.20.3.tgz

package-lock.json:1657

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/text-decoder/-/text-decoder-1.2.7.tgz

package-lock.json:1663

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/through/-/through-2.3.8.tgz

package-lock.json:1672

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/tr46/-/tr46-0.0.3.tgz

package-lock.json:1678

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/tslib/-/tslib-2.8.1.tgz

package-lock.json:1684

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz

package-lock.json:1690

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/undici-types/-/undici-types-7.18.2.tgz

package-lock.json:1700

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/urlpattern-polyfill/-/urlpattern-polyfill-10.0.0.tgz

package-lock.json:1707

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/valid-data-url/-/valid-data-url-3.0.1.tgz

package-lock.json:1713

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/web-resource-inliner/-/web-resource-inliner-6.0.1.tgz

package-lock.json:1722

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/dom-serializer/-/dom-serializer-1.4.1.tgz

package-lock.json:1739

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/domhandler/-/domhandler-4.3.1.tgz

package-lock.json:1753

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/domhandler/-/domhandler-3.3.0.tgz

package-lock.json:1768

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/domutils/-/domutils-2.8.0.tgz

package-lock.json:1783

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/entities/-/entities-2.2.0.tgz

package-lock.json:1812

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/htmlparser2/-/htmlparser2-5.0.1.tgz

package-lock.json:1821

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz

package-lock.json:1836

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/whatwg-url/-/whatwg-url-5.0.0.tgz

package-lock.json:1842

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz

package-lock.json:1852

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/wrappy/-/wrappy-1.0.2.tgz

package-lock.json:1869

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ws/-/ws-8.19.0.tgz

package-lock.json:1875

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/y18n/-/y18n-5.0.8.tgz

package-lock.json:1896

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/yargs/-/yargs-17.7.2.tgz

package-lock.json:1905

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/yargs-parser/-/yargs-parser-21.1.1.tgz

package-lock.json:1923

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/yauzl/-/yauzl-2.10.0.tgz

package-lock.json:1932

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/zod/-/zod-3.23.8.tgz

package-lock.json:1942

🔗

Medium External URL 外部 URL

http://www.w3.org/2000/svg

scripts/convert.js:383

File Tree

17 files · 207.1 KB · 7138 lines

JSON 4f · 2067L Markdown 5f · 1630L JavaScript 2f · 1336L Python 1f · 1258L CSS 4f · 847L

├─ ▾ 📁 assets

│ ├─ ▾ 📁 themes

│ │ ├─ 📄 base.css CSS 214L · 4.1 KB

│ │ ├─ 📄 default.css CSS 279L · 5.5 KB

│ │ ├─ 📄 grace.css CSS 177L · 3.3 KB

│ │ └─ 📄 simple.css CSS 177L · 3.6 KB

│ └─ 📦 md-wechat-features.svg 6.2 KB

├─ ▾ 📁 references

│ ├─ 📝 config-reference.md Markdown 400L · 8.2 KB

│ └─ 📝 theme-reference.md Markdown 361L · 9.5 KB

├─ ▾ 📁 scripts

│ ├─ 📜 convert.js JavaScript 984L · 24.3 KB

│ ├─ 🐍 convert.py Python 1258L · 35.4 KB

│ └─ 📜 extract-config.js JavaScript 352L · 9.8 KB

├─ 📋 clawhub.json JSON 44L · 905 B

├─ 📋 md-config.json JSON 37L · 875 B

├─ 📋 package-lock.json JSON 1950L · 69.9 KB

├─ 📋 package.json JSON 36L · 798 B

├─ 📝 README_EN.md Markdown 239L · 6.8 KB

├─ 📝 README.md Markdown 241L · 6.2 KB

└─ 📝 SKILL.md Markdown 389L · 11.8 KB

Dependencies 6 items

Package	Version	Source	Known Vulns	Notes
`marked`	`^12.0.0`	npm	No	使用 ^ 范围锁定
`highlight.js`	`^11.11.1`	npm	No	使用 ^ 范围锁定
`katex`	`^0.16.38`	npm	No	使用 ^ 范围锁定
`puppeteer`	`^22.0.0`	npm	No	使用 ^ 范围锁定；需下载 Chromium
`chalk`	`^5.6.2`	npm	No	终端彩色输出，仅用于日志
`commander`	`^12.1.0`	npm	No	CLI 参数解析

Security Positives

✓ 代码结构清晰，模块化设计良好

✓ 所有声明的能力与实际实现完全一致，无阴影功能

✓ 使用标准开源库（marked、highlight.js、katex、juice），无自定义恶意代码

✓ 无 eval、base64 解码、动态代码执行等高危操作

✓ 无凭证收割、敏感路径访问、数据外泄等恶意行为

✓ HTML 输出有安全清理（清理零宽字符、BOM 等）

✓ 文档完整详细，Usage Examples 清晰

Scan Report

Findings 1 items

File Tree

Dependencies 6 items

Security Positives