Trusted: risk score 5/100
Last scanned: 2 days ago
AI Content Repurposer
Transform long-form content into multiple formats: YouTube→TikTok/Shorts, Blog→Twitter/LinkedIn, Podcast→Transcripts/Summaries
The AI Content Repurposer skill is a straightforward content transformation tool with no malicious behavior. All operations are declared, legitimate, and confined to their stated purpose.
Skill name: AI Content Repurposer
Analysis time: 34.9s
Engine: pi
Safe to install
No action needed. The skill is safe to use.

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | bin/cli.js: fs.readFileSync() for input files; fs.writeFileSync() only for -o ou… |
| Network access | READ | READ | ✓ Consistent | src/converter.js: axios.get() for blog URLs; axios.post() to api.openai.com for … |
| Command execution | NONE | NONE | | No subprocess, exec, or shell command invocation found anywhere in the codebase |
| Environment variables | READ | READ | ✓ Consistent | src/converter.js:15 — process.env.OPENAI_API_KEY accessed for API key, used only… |
| Skill invocation | NONE | NONE | | No inter-skill invocation detected |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser automation detected |
| Database | NONE | NONE | | No database access found |

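1 high severity, 9 findings in total

| Severity | Category | Finding | Matched text | Location |
|---|---|---|---|---|
| High | API key | Suspected hard-coded credential | apiKey: 'your-openai-api-key' | SKILL.md:257 |
| Medium | External URL | External URL | https://yourblog.com/post | QUICKSTART.md:41 |
| Medium | External URL | External URL | https://img.shields.io/badge/version-1.0.0-blue | README.md:7 |
| Medium | External URL | External URL | https://img.shields.io/badge/license-MIT-green | README.md:8 |
| Medium | External URL | External URL | https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen | README.md:9 |
| Medium | External URL | External URL | https://clawhub.ai/skills/ai-content-repurposer | README.md:294 |
| Medium | External URL | External URL | https://www.youtube.com/watch?v=dQw4w9WgXcQ | test/test.js:30 |
| Medium | External URL | External URL | https://youtu.be/dQw4w9WgXcQ | test/test.js:37 |
| Info | Email | Email address | [email protected] | README.md:296 |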

Directory structure

13 files · 84.3 KB · 2900 lines
Markdown: 5 files, 1346 lines · JavaScript: 3 files, 778 lines · JSON: 4 files, 749 lines · Text: 1 file, 27 lines
├─ 📁 bin
│ └─ 📜 cli.js JavaScript 327L · 10.8 KB
├─ 📁 examples
│ ├─ 📋 batch-config.json JSON 33L · 864 B
│ └─ 📄 sample-transcript.txt Text 27L · 1.8 KB
├─ 📁 src
│ └─ 📜 converter.js JavaScript 363L · 11.0 KB
├─ 📁 test
│ └─ 📜 test.js JavaScript 88L · 2.5 KB
├─ 📋 clawhub.json JSON 65L · 1.6 KB
├─ 📝 COMPLETION_REPORT.md Markdown 337L · 9.3 KB
├─ 📝 LAUNCH_CHECKLIST.md Markdown 179L · 4.9 KB
├─ 📋 package-lock.json JSON 609L · 21.3 KB
├─ 📋 package.json JSON 42L · 1003 B
├─ 📝 QUICKSTART.md Markdown 166L · 3.8 KB
├─ 📝 README.md Markdown 327L · 6.6 KB
└─ 📝 SKILL.md Markdown 337L · 8.7 KB

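Dependency analysis: 3 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| axios | ^1.6.0 | npm | | Standard HTTP client, used only for declared API calls |
| cheerio | ^1.0.0-rc.12 | npm | | HTML parser for blog content extraction |
| commander | ^11.0.0 | npm | | CLI argument parsing |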

Security highlights

✓ No shell command execution, subprocess, or os.system calls anywhere in the codebase
✓ No base64 encoding, eval(), or dynamic code execution
✓ No credential harvesting — OPENAI_API_KEY is read only for the declared OpenAI API call
✓ No network connections to external IPs beyond the documented api.openai.com endpoint
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No remote script download or execution (no curl|bash or wget|sh patterns)
✓ No hidden HTML instructions or steganographic payloads
✓ Network requests limited to declared purposes: blog fetching and OpenAI API
✓ Dependencies (axios, cheerio, commander) are standard and version-pinned
✓ File I/O is restricted to user-specified input files and output paths via CLI flags