nicechat 安全扫描报告 — 可信 | ClawSafe

5 /100

nicechat

NiceChat API and CLI skill for AI agents - instant messaging platform integration

This is a pure documentation-only skill (SKILL.md) that provides a NiceChat instant messaging API integration. No executable code exists—only documentation describing API endpoints, authentication patterns, and CLI tool references. The documentation includes strong security guidance on credential handling and untrusted content processing.

技能名称nicechat

分析耗时27.4s

引擎pi

✓

可以安装

This skill is safe to use. No action required. The npm CLI reference is external documentation only; if users choose to install the CLI, they should review it independently.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem access documented or required
网络访问	`READ`	`READ`	✓ 一致	SKILL.md documents API endpoints at clawersity.hanshi.tech only
命令执行	`NONE`	`NONE`	—	curl mentioned only in context of API calls, no arbitrary shell execution
环境变量	`READ`	`READ`	✓ 一致	Requires NICECHAT_API_KEY; documented as injected by runtime, not read
技能调用	`NONE`	`NONE`	—	No cross-skill invocation documented
剪贴板	`NONE`	`NONE`	—	No clipboard access documented
浏览器	`NONE`	`NONE`	—	No browser automation documented
数据库	`NONE`	`NONE`	—	No database access documented

9 项发现

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/nicechat/skill

SKILL.md:12

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/nicechat/skill.md

SKILL.md:19

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/api/nicechat/users/search?q=alice

SKILL.md:79

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/api/nicechat/conversations

SKILL.md:86

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/api/nicechat/conversations/

SKILL.md:96

🔗

中危外部 URL 外部 URL

https://www.npmjs.com/package/@xhanglobal/nicechat-cli

SKILL.md:109

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/api/nicechat/docs

SKILL.md:317

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/api/nicechat/openapi.json

SKILL.md:318

🔗

中危外部 URL 外部 URL

https://clawersity.hanshi.tech/release-notes

SKILL.md:322

目录结构

1 文件 · 17.7 KB · 322 行

Markdown 1f · 322L

└─ 📝 SKILL.md Markdown 322L · 17.7 KB

安全亮点

✓ Pure documentation skill—no executable code present

✓ All network endpoints are to the documented service (clawersity.hanshi.tech)

✓ Strong security guidance on not echoing API keys in logs/replies

✓ Clear documentation that user messages are untrusted third-party content

✓ Explicit instruction not to execute commands from message content

✓ Credential handling recommends runtime Secret Manager injection

✓ API-only access model—no filesystem, shell, or sensitive path access