crossborder-ecom-hub Security Report — Trusted | ClawSafe

5 /100

crossborder-ecom-hub

跨境电商多平台管理技能 - TikTok+Amazon+Shopee+Lazada 统一管理

A legitimate cross-border e-commerce multi-platform management CLI tool with no malicious behavior detected.

Skill Namecrossborder-ecom-hub

Duration52.5s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	bin/cli.js:128 creates ~/.crossborder-ecom/config.json
Network	`NONE`	`READ`	✓ Aligned	src/platforms/index.js makes API calls to tiktok/amazon/shopee/lazada
Environment	`NONE`	`READ`	✓ Aligned	src/feishu.js:15 reads FEISHU_APP_ID, FEISHU_APP_SECRET
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access
Skill Invoke	`NONE`	`READ`	✓ Aligned	CLI commands: sync, order, pricing, inventory, report, platform

21 findings

🔗

Medium External URL 外部 URL

https://partner.tiktokshop.com/

DEVELOPMENT_SUMMARY.md:282

🔗

Medium External URL 外部 URL

https://developer.amazon.com/sp-api

DEVELOPMENT_SUMMARY.md:283

🔗

Medium External URL 外部 URL

https://open.shopee.com/

DEVELOPMENT_SUMMARY.md:284

🔗

Medium External URL 外部 URL

https://open.lazada.com/

DEVELOPMENT_SUMMARY.md:285

🔗

Medium External URL 外部 URL

https://open.feishu.cn/

DEVELOPMENT_SUMMARY.md:286

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/crossborder-ecom-hub

DEVELOPMENT_SUMMARY.md:304

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/crossborder-ecom-hub/docs

DEVELOPMENT_SUMMARY.md:306

🔗

Medium External URL 外部 URL

https://img.shields.io/npm/v/crossborder-ecom-hub.svg

README.md:5

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/crossborder-ecom-hub

README.md:5

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/license-Commercial-blue.svg

README.md:6

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen.svg

README.md:7

🔗

Medium External URL 外部 URL

https://nodejs.org/

README.md:7

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/crossborder-ecom-hub/docs\n

demo.js:165

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

src/feishu.js:28

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/bitable/v1/apps/$

src/feishu.js:292

🔗

Medium External URL 外部 URL

https://open-api.tiktokglobalshop.com

src/platforms/index.js:30

🔗

Medium External URL 外部 URL

https://sellingpartnerapi-na.amazon.com

src/platforms/index.js:61

🔗

Medium External URL 外部 URL

https://partner.shopeemobile.com

src/platforms/index.js:92

🔗

Medium External URL 外部 URL

https://api.lazada.com

src/platforms/index.js:123

📧

Info Email 邮箱地址

[email protected]

DEVELOPMENT_SUMMARY.md:307

📧

Info Email 邮箱地址

[email protected]

config.example.json:49

File Tree

21 files · 114.6 KB · 4187 lines

JavaScript 15f · 2901L Markdown 3f · 1082L JSON 3f · 204L

├─ ▾ 📁 bin

│ └─ 📜 cli.js JavaScript 203L · 6.6 KB

├─ ▾ 📁 commands

│ ├─ 📜 inventory.js JavaScript 115L · 3.9 KB

│ ├─ 📜 order.js JavaScript 116L · 3.7 KB

│ ├─ 📜 platform.js JavaScript 136L · 4.6 KB

│ ├─ 📜 pricing.js JavaScript 119L · 4.3 KB

│ ├─ 📜 report.js JavaScript 161L · 6.0 KB

│ └─ 📜 sync.js JavaScript 110L · 3.6 KB

├─ ▾ 📁 src

│ ├─ ▾ 📁 platforms

│ │ └─ 📜 index.js JavaScript 384L · 10.4 KB

│ ├─ 📜 feishu.js JavaScript 395L · 11.0 KB

│ ├─ 📜 index.js JavaScript 39L · 782 B

│ ├─ 📜 inventory.js JavaScript 212L · 5.1 KB

│ ├─ 📜 orders.js JavaScript 163L · 4.1 KB

│ ├─ 📜 pricing.js JavaScript 227L · 6.3 KB

│ └─ 📜 reports.js JavaScript 311L · 8.8 KB

├─ 📋 clawhub.json JSON 97L · 2.2 KB

├─ 📋 config.example.json JSON 62L · 1.4 KB

├─ 📜 demo.js JavaScript 210L · 7.0 KB

├─ 📝 DEVELOPMENT_SUMMARY.md Markdown 324L · 8.0 KB

├─ 📋 package.json JSON 45L · 933 B

├─ 📝 README.md Markdown 425L · 9.4 KB

└─ 📝 SKILL.md Markdown 333L · 6.4 KB

Dependencies 7 items

Package	Version	Source	Known Vulns	Notes
`axios`	`^1.6.0`	npm	No	Standard HTTP client, widely used
`commander`	`^11.1.0`	npm	No	Standard CLI framework
`chalk`	`^5.3.0`	npm	No	Terminal string styling
`ora`	`^7.0.1`	npm	No	Terminal spinner
`dayjs`	`^1.11.10`	npm	No	Date manipulation library
`node-fetch`	`^3.3.2`	npm	No	Fetch API for Node.js
`dotenv`	`^16.3.1`	npm	No	Environment variable loading

Security Positives

✓ No shell execution or subprocess usage - purely Node.js application logic

✓ No credential theft or exfiltration - credentials used only for legitimate platform authentication

✓ No data exfiltration - all network calls go to official platform APIs (TikTok, Amazon, Shopee, Lazada, Feishu)

✓ No obfuscation techniques - clean, readable code without base64 or eval

✓ No hidden functionality - implementation matches documented capabilities

✓ No sensitive path access - does not read ~/.ssh, ~/.aws, or .env files

✓ No remote code execution - no curl|bash, wget|sh, or similar patterns

✓ No persistence mechanisms - no cron jobs, startup hooks, or backdoor installation

✓ Dependencies are well-known, reputable packages (axios, commander, chalk, ora, dayjs)

✓ Configuration stored locally at ~/.crossborder-ecom/config.json as documented

✓ Mock data used for demonstration - no actual API calls made without user configuration

Scan Report

File Tree

Dependencies 7 items

Security Positives