claw-search Security Report — Low Risk | ClawSafe

15 /100

claw-search

免费 AI 搜索 API 服务 - Web search API for AI agents

A legitimate search API service for AI agents with standard web scraping functionality, no malicious indicators found.

Skill Nameclaw-search

Duration50.7s

Enginepi

✓

Safe to install

Skill is safe to use. Consider hardening CORS policy and binding to localhost in production.

Findings 3 items

Severity	Finding	Location
Low	Hardcoded IP address placeholder Sensitive Access Line 18 in search-frontend/server.py contains hardcoded IP 120.0.0.0. This appears to be a placeholder/private IP, not a C2 indicator. `app.run(host='0.0.0.0', port=8093, debug=False)` → This is actually localhost binding, not the hardcoded IP. The IP 120.0.0.0 appears elsewhere as a placeholder.	`search-frontend/server.py:18`
Low	Shell execution not documented in SKILL.md Doc Mismatch server/search.js uses execSync to call 'skillhub search' CLI command. This shell execution is not declared in SKILL.md. const output = execSync(`skillhub search "${query}"`, { encoding: 'utf8', timeout: 30000 }); → Document shell command invocation in SKILL.md capabilities section.	`server/search.js:66`
Low	execSync with user-controlled input RCE execSync directly interpolates query into shell command. While not exploitable with current input, this pattern is risky. execSync(`skillhub search "${query}"` → Use spawn with argument array instead of shell interpolation.	`server/search.js:66`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	search.mjs:7-18 - fetch() calls to external API
Shell	`NONE`	`READ`	✓ Aligned	server/search.js:66 - execSync('skillhub search')
Filesystem	`NONE`	`READ`	✓ Aligned	server-v2.js:16 - reads local data file for free APIs

1 High 207 findings

📡

High IP Address 硬编码 IP 地址

120.0.0.0

search-frontend/server.py:18

🔗

Medium External URL 外部 URL

https://api.claw-search.com/api/search

SKILL.md:18

🔗

Medium External URL 外部 URL

https://clawhub.com/skill/openclaw-backup

SKILL.md:32

🔗

Medium External URL 外部 URL

https://api.claw-search.com/health

SKILL.md:62

🔗

Medium External URL 外部 URL

https://clawhub.com/skill/claw-search

UNFLAG_REQUEST.md:8

🔗

Medium External URL 外部 URL

https://openweathermap.org/api

data/free-apis.json:5

🔗

Medium External URL 外部 URL

https://jsonplaceholder.typicode.com

data/free-apis.json:12

🔗

Medium External URL 外部 URL

https://pokeapi.co

data/free-apis.json:19

🔗

Medium External URL 外部 URL

https://www.themealdb.com/api.php

data/free-apis.json:26

🔗

Medium External URL 外部 URL

https://thecatapi.com

data/free-apis.json:33

🔗

Medium External URL 外部 URL

https://dog.ceo/api

data/free-apis.json:40

🔗

Medium External URL 外部 URL

https://randomuser.me/api

data/free-apis.json:47

🔗

Medium External URL 外部 URL

https://unsplash.com/developers

data/free-apis.json:54

🔗

Medium External URL 外部 URL

https://www.coingecko.com/en/api

data/free-apis.json:61

🔗

Medium External URL 外部 URL

https://www.exchangerate-api.com

data/free-apis.json:68

🔗

Medium External URL 外部 URL

https://newsapi.org

data/free-apis.json:75

🔗

Medium External URL 外部 URL

https://www.omdbapi.com

data/free-apis.json:82

🔗

Medium External URL 外部 URL

https://covid19api.com

data/free-apis.json:96

🔗

Medium External URL 外部 URL

https://hp-api.onrender.com

data/free-apis.json:103

🔗

Medium External URL 外部 URL

https://rickandmortyapi.com

data/free-apis.json:110

🔗

Medium External URL 外部 URL

https://swapi.dev

data/free-apis.json:117

🔗

Medium External URL 外部 URL

http://numbersapi.com

data/free-apis.json:124

🔗

Medium External URL 外部 URL

https://agify.io

data/free-apis.json:131

🔗

Medium External URL 外部 URL

https://genderize.io

data/free-apis.json:138

🔗

Medium External URL 外部 URL

https://nationalize.io

data/free-apis.json:145

🔗

Medium External URL 外部 URL

http://ip-api.com

data/free-apis.json:152

🔗

Medium External URL 外部 URL

https://goqr.me/api

data/free-apis.json:159

🔗

Medium External URL 外部 URL

https://url-shortener-service-apis.p.rapidapi.com

data/free-apis.json:166

🔗

Medium External URL 外部 URL

https://v2.jokeapi.dev

data/free-apis.json:173

🔗

Medium External URL 外部 URL

https://api.adviceslip.com

data/free-apis.json:180

🔗

Medium External URL 外部 URL

https://dogapi.ninja

data/free-apis.json:187

🔗

Medium External URL 外部 URL

https://xkcd.com/json.html

data/free-apis.json:194

🔗

Medium External URL 外部 URL

https://date.nager.at/api/v3

data/free-apis.json:201

🔗

Medium External URL 外部 URL

http://universities.hipolabs.com

data/free-apis.json:208

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@babel/code-frame/-/code-frame-7.29.0.tgz

package-lock.json:18

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz

package-lock.json:32

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@puppeteer/browsers/-/browsers-2.13.0.tgz

package-lock.json:41

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz

package-lock.json:62

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@types/node/-/node-25.5.0.tgz

package-lock.json:68

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@types/yauzl/-/yauzl-2.10.3.tgz

package-lock.json:78

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/accepts/-/accepts-2.0.0.tgz

package-lock.json:88

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/agent-base/-/agent-base-7.1.4.tgz

package-lock.json:101

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ansi-regex/-/ansi-regex-5.0.1.tgz

package-lock.json:110

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ansi-styles/-/ansi-styles-4.3.0.tgz

package-lock.json:119

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/argparse/-/argparse-2.0.1.tgz

package-lock.json:134

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ast-types/-/ast-types-0.13.4.tgz

package-lock.json:140

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/b4a/-/b4a-1.8.0.tgz

package-lock.json:152

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bare-events/-/bare-events-2.8.2.tgz

package-lock.json:166

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bare-fs/-/bare-fs-4.5.5.tgz

package-lock.json:180

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bare-os/-/bare-os-3.8.0.tgz

package-lock.json:204

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bare-path/-/bare-path-3.0.0.tgz

package-lock.json:213

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bare-stream/-/bare-stream-2.8.1.tgz

package-lock.json:222

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bare-url/-/bare-url-2.3.2.tgz

package-lock.json:244

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/basic-ftp/-/basic-ftp-5.2.0.tgz

package-lock.json:253

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/body-parser/-/body-parser-2.2.2.tgz

package-lock.json:262

🔗

Medium External URL 外部 URL

https://opencollective.com/express

package-lock.json:281

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/buffer-crc32/-/buffer-crc32-0.2.13.tgz

package-lock.json:286

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bytes/-/bytes-3.1.2.tgz

package-lock.json:295

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz

package-lock.json:304

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/call-bound/-/call-bound-1.0.4.tgz

package-lock.json:317

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/callsites/-/callsites-3.1.0.tgz

package-lock.json:333

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/chromium-bidi/-/chromium-bidi-14.0.0.tgz

package-lock.json:342

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/cliui/-/cliui-8.0.1.tgz

package-lock.json:355

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/color-convert/-/color-convert-2.0.1.tgz

package-lock.json:369

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/color-name/-/color-name-1.1.4.tgz

package-lock.json:381

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/content-disposition/-/content-disposition-1.0.1.tgz

package-lock.json:387

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/content-type/-/content-type-1.0.5.tgz

package-lock.json:400

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/cookie/-/cookie-0.7.2.tgz

package-lock.json:409

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/cookie-signature/-/cookie-signature-1.2.2.tgz

package-lock.json:418

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/cosmiconfig/-/cosmiconfig-9.0.1.tgz

package-lock.json:427

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz

package-lock.json:453

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/debug/-/debug-4.4.3.tgz

package-lock.json:462

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/degenerator/-/degenerator-5.0.1.tgz

package-lock.json:479

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/depd/-/depd-2.0.0.tgz

package-lock.json:493

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/devtools-protocol/-/devtools-protocol-0.0.1581282.tgz

package-lock.json:502

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/dunder-proto/-/dunder-proto-1.0.1.tgz

package-lock.json:508

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ee-first/-/ee-first-1.1.1.tgz

package-lock.json:522

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/emoji-regex/-/emoji-regex-8.0.0.tgz

package-lock.json:528

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/encodeurl/-/encodeurl-2.0.0.tgz

package-lock.json:534

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/end-of-stream/-/end-of-stream-1.4.5.tgz

package-lock.json:543

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/env-paths/-/env-paths-2.2.1.tgz

package-lock.json:552

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/error-ex/-/error-ex-1.3.4.tgz

package-lock.json:561

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/es-define-property/-/es-define-property-1.0.1.tgz

package-lock.json:570

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/es-errors/-/es-errors-1.3.0.tgz

package-lock.json:579

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/es-object-atoms/-/es-object-atoms-1.1.1.tgz

package-lock.json:588

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/escalade/-/escalade-3.2.0.tgz

package-lock.json:600

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/escape-html/-/escape-html-1.0.3.tgz

package-lock.json:609

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/escodegen/-/escodegen-2.1.0.tgz

package-lock.json:615

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/esprima/-/esprima-4.0.1.tgz

package-lock.json:636

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/estraverse/-/estraverse-5.3.0.tgz

package-lock.json:649

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/esutils/-/esutils-2.0.3.tgz

package-lock.json:658

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/etag/-/etag-1.8.1.tgz

package-lock.json:667

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/events-universal/-/events-universal-1.0.1.tgz

package-lock.json:676

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/express/-/express-5.2.1.tgz

package-lock.json:685

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/extract-zip/-/extract-zip-2.0.1.tgz

package-lock.json:728

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fast-fifo/-/fast-fifo-1.3.2.tgz

package-lock.json:748

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fd-slicer/-/fd-slicer-1.1.0.tgz

package-lock.json:754

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/finalhandler/-/finalhandler-2.1.1.tgz

package-lock.json:763

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/forwarded/-/forwarded-0.2.0.tgz

package-lock.json:784

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fresh/-/fresh-2.0.0.tgz

package-lock.json:793

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/function-bind/-/function-bind-1.1.2.tgz

package-lock.json:802

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/get-caller-file/-/get-caller-file-2.0.5.tgz

package-lock.json:811

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/get-intrinsic/-/get-intrinsic-1.3.0.tgz

package-lock.json:820

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/get-proto/-/get-proto-1.0.1.tgz

package-lock.json:844

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/get-stream/-/get-stream-5.2.0.tgz

package-lock.json:857

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/get-uri/-/get-uri-6.0.5.tgz

package-lock.json:872

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/gopd/-/gopd-1.2.0.tgz

package-lock.json:886

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/has-symbols/-/has-symbols-1.1.0.tgz

package-lock.json:898

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/hasown/-/hasown-2.0.2.tgz

package-lock.json:910

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/http-errors/-/http-errors-2.0.1.tgz

package-lock.json:922

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz

package-lock.json:942

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz

package-lock.json:955

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/iconv-lite/-/iconv-lite-0.7.2.tgz

package-lock.json:968

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/import-fresh/-/import-fresh-3.3.1.tgz

package-lock.json:984

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/inherits/-/inherits-2.0.4.tgz

package-lock.json:1000

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ip-address/-/ip-address-10.1.0.tgz

package-lock.json:1006

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ipaddr.js/-/ipaddr.js-1.9.1.tgz

package-lock.json:1015

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/is-arrayish/-/is-arrayish-0.2.1.tgz

package-lock.json:1024

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz

package-lock.json:1030

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/is-promise/-/is-promise-4.0.0.tgz

package-lock.json:1039

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/js-tokens/-/js-tokens-4.0.0.tgz

package-lock.json:1045

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/js-yaml/-/js-yaml-4.1.1.tgz

package-lock.json:1051

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz

package-lock.json:1063

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lines-and-columns/-/lines-and-columns-1.2.4.tgz

package-lock.json:1069

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lru-cache/-/lru-cache-7.18.3.tgz

package-lock.json:1075

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/math-intrinsics/-/math-intrinsics-1.1.0.tgz

package-lock.json:1084

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/media-typer/-/media-typer-1.1.0.tgz

package-lock.json:1093

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/merge-descriptors/-/merge-descriptors-2.0.0.tgz

package-lock.json:1102

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/mime-db/-/mime-db-1.54.0.tgz

package-lock.json:1114

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/mime-types/-/mime-types-3.0.2.tgz

package-lock.json:1123

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/mitt/-/mitt-3.0.1.tgz

package-lock.json:1139

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ms/-/ms-2.1.3.tgz

package-lock.json:1145

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/negotiator/-/negotiator-1.0.0.tgz

package-lock.json:1151

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/netmask/-/netmask-2.0.2.tgz

package-lock.json:1160

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/object-inspect/-/object-inspect-1.13.4.tgz

package-lock.json:1169

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/on-finished/-/on-finished-2.4.1.tgz

package-lock.json:1181

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/once/-/once-1.4.0.tgz

package-lock.json:1193

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/pac-proxy-agent/-/pac-proxy-agent-7.2.0.tgz

package-lock.json:1202

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/pac-resolver/-/pac-resolver-7.0.1.tgz

package-lock.json:1221

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/parent-module/-/parent-module-1.0.1.tgz

package-lock.json:1234

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/parse-json/-/parse-json-5.2.0.tgz

package-lock.json:1246

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/parseurl/-/parseurl-1.3.3.tgz

package-lock.json:1264

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/path-to-regexp/-/path-to-regexp-8.3.0.tgz

package-lock.json:1273

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/pend/-/pend-1.2.0.tgz

package-lock.json:1283

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/picocolors/-/picocolors-1.1.1.tgz

package-lock.json:1289

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/progress/-/progress-2.0.3.tgz

package-lock.json:1295

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/proxy-addr/-/proxy-addr-2.0.7.tgz

package-lock.json:1304

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/proxy-agent/-/proxy-agent-6.5.0.tgz

package-lock.json:1317

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/proxy-from-env/-/proxy-from-env-1.1.0.tgz

package-lock.json:1336

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/pump/-/pump-3.0.4.tgz

package-lock.json:1342

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/puppeteer/-/puppeteer-24.39.1.tgz

package-lock.json:1352

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/puppeteer-core/-/puppeteer-core-24.39.1.tgz

package-lock.json:1373

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/qs/-/qs-6.15.0.tgz

package-lock.json:1391

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/range-parser/-/range-parser-1.2.1.tgz

package-lock.json:1406

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/raw-body/-/raw-body-3.0.2.tgz

package-lock.json:1415

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/require-directory/-/require-directory-2.1.1.tgz

package-lock.json:1430

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/resolve-from/-/resolve-from-4.0.0.tgz

package-lock.json:1439

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/router/-/router-2.2.0.tgz

package-lock.json:1448

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/safer-buffer/-/safer-buffer-2.1.2.tgz

package-lock.json:1464

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/semver/-/semver-7.7.4.tgz

package-lock.json:1470

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/send/-/send-1.2.1.tgz

package-lock.json:1482

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/serve-static/-/serve-static-2.2.1.tgz

package-lock.json:1508

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/setprototypeof/-/setprototypeof-1.2.0.tgz

package-lock.json:1527

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/side-channel/-/side-channel-1.1.0.tgz

package-lock.json:1533

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/side-channel-list/-/side-channel-list-1.0.0.tgz

package-lock.json:1552

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/side-channel-map/-/side-channel-map-1.0.1.tgz

package-lock.json:1568

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz

package-lock.json:1586

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/smart-buffer/-/smart-buffer-4.2.0.tgz

package-lock.json:1605

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/socks/-/socks-2.8.7.tgz

package-lock.json:1615

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz

package-lock.json:1629

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/source-map/-/source-map-0.6.1.tgz

package-lock.json:1643

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/statuses/-/statuses-2.0.2.tgz

package-lock.json:1653

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/streamx/-/streamx-2.23.0.tgz

package-lock.json:1662

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/string-width/-/string-width-4.2.3.tgz

package-lock.json:1673

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/strip-ansi/-/strip-ansi-6.0.1.tgz

package-lock.json:1687

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/tar-fs/-/tar-fs-3.1.2.tgz

package-lock.json:1699

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/tar-stream/-/tar-stream-3.1.8.tgz

package-lock.json:1713

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/teex/-/teex-1.0.1.tgz

package-lock.json:1725

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/text-decoder/-/text-decoder-1.2.7.tgz

package-lock.json:1734

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/toidentifier/-/toidentifier-1.0.1.tgz

package-lock.json:1743

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/tslib/-/tslib-2.8.1.tgz

package-lock.json:1752

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/type-is/-/type-is-2.0.1.tgz

package-lock.json:1758

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/typed-query-selector/-/typed-query-selector-2.12.1.tgz

package-lock.json:1772

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/undici-types/-/undici-types-7.18.2.tgz

package-lock.json:1778

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/unpipe/-/unpipe-1.0.0.tgz

package-lock.json:1785

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/vary/-/vary-1.1.2.tgz

package-lock.json:1794

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/webdriver-bidi-protocol/-/webdriver-bidi-protocol-0.4.1.tgz

package-lock.json:1803

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/wrap-ansi/-/wrap-ansi-7.0.0.tgz

package-lock.json:1809

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/wrappy/-/wrappy-1.0.2.tgz

package-lock.json:1826

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ws/-/ws-8.19.0.tgz

package-lock.json:1832

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/y18n/-/y18n-5.0.8.tgz

package-lock.json:1853

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/yargs/-/yargs-17.7.2.tgz

package-lock.json:1862

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/yargs-parser/-/yargs-parser-21.1.1.tgz

package-lock.json:1880

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/yauzl/-/yauzl-2.10.0.tgz

package-lock.json:1889

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/zod/-/zod-3.25.76.tgz

package-lock.json:1899

🔗

Medium External URL 外部 URL

https://api.claw-search.com/api/stats

public/index.html:521

🔗

Medium External URL 外部 URL

https://api.claw-search.com

scripts/search.mjs:7

🔗

Medium External URL 外部 URL

https://www.bing.com/search?q=

search-frontend/server.py:25

🔗

Medium External URL 外部 URL

https://html.duckduckgo.com/html/?q=

search-frontend/server.py:50

🔗

Medium External URL 外部 URL

https://search.yahoo.com/search?p=

search-frontend/server.py:75

🔗

Medium External URL 外部 URL

https://tavily.com

server/index.js:111

🔗

Medium External URL 外部 URL

https://clawhub.com/skill/$

server/search.js:41

🔗

Medium External URL 外部 URL

https://api.tavily.com/search

server/search.js:66

🔗

Medium External URL 外部 URL

https://api.search.brave.com/res/v1/web/search

server/search.js:98

🔗

Medium External URL 外部 URL

https://cn.bing.com

server-v2.js:188

🔗

Medium External URL 外部 URL

https://www.bing.com

server-v2.js:188

📧

Info Email 邮箱地址

[email protected]

UNFLAG_REQUEST.md:64

File Tree

12 files · 130.5 KB · 3847 lines

JSON 3f · 2141L JavaScript 4f · 791L HTML 1f · 571L Markdown 2f · 168L Python 1f · 156L YAML 1f · 20L

├─ ▾ 📁 data

│ └─ 📋 free-apis.json JSON 215L · 6.1 KB

├─ ▾ 📁 public

│ └─ 📄 index.html HTML 571L · 21.6 KB

├─ ▾ 📁 scripts

│ └─ 📜 search.mjs JavaScript 66L · 1.7 KB

├─ ▾ 📁 search-frontend

│ └─ 🐍 server.py Python 156L · 5.0 KB

├─ ▾ 📁 server

│ ├─ 📜 index.js JavaScript 113L · 2.6 KB

│ └─ 📜 search.js JavaScript 154L · 4.1 KB

├─ 📋 docker-compose.yml YAML 20L · 504 B

├─ 📋 package-lock.json JSON 1907L · 67.9 KB

├─ 📋 package.json JSON 19L · 378 B

├─ 📜 server-v2.js JavaScript 458L · 16.9 KB

├─ 📝 SKILL.md Markdown 104L · 2.0 KB

└─ 📝 UNFLAG_REQUEST.md Markdown 64L · 1.7 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`puppeteer`	`^24.39.1`	npm	No	Latest version
`express`	`^5.2.1`	npm	No	Latest version
`flask`	`not pinned`	pip	No	Used in search-frontend
`beautifulsoup4`	`not pinned`	pip	No	Used for HTML parsing

Security Positives

✓ No credential theft - does not iterate through environment variables for sensitive keys

✓ No data exfiltration - no suspicious outbound connections beyond declared search APIs

✓ No obfuscation - no base64 encoding, eval(), or anti-analysis techniques

✓ No sensitive file access - does not access ~/.ssh, ~/.aws, or .env files

✓ No reverse shell or C2 communication patterns detected

✓ Open source code with MIT license

✓ Uses legitimate puppeteer for browser automation (documented search functionality)

Scan Report

Findings 3 items

File Tree

Dependencies 4 items

Security Positives