weread-import Security Report — Trusted | ClawSafe

5 /100

weread-import

导出微信读书划线与想法为 Markdown 文件，支持 Obsidian

weread-import 是一个合法的微信读书笔记导出工具，代码结构清晰，仅依赖 playwright，声明与实现完全一致，无恶意行为。

Skill Nameweread-import

Duration86.0s

Enginepi

✓

Safe to install

该技能安全可用，建议通过 npm test 验证功能后部署。

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	src/render.mjs:86 写入用户指定输出目录
Network	`READ`	`READ`	✓ Aligned	src/api.mjs:5 仅请求 weread.qq.com
Shell	`WRITE`	`WRITE`	✓ Aligned	scripts/run.sh:26 exec node
Browser	`WRITE`	`WRITE`	✓ Aligned	src/dom.mjs:2 Playwright CDP 连接 Chrome
Environment	`READ`	`READ`	✓ Aligned	src/cli.mjs:17-34 读取多个 WEREAD_* 变量

1 High 8 findings

📡

High IP Address 硬编码 IP 地址

146.0.0.0

src/api.mjs:5

🔗

Medium External URL 外部 URL

http://127.0.0.1:9222

README.md:91

🔗

Medium External URL 外部 URL

https://weread.qq.com/

README.md:99

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fsevents/-/fsevents-2.3.2.tgz

package-lock.json:20

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/playwright/-/playwright-1.58.2.tgz

package-lock.json:34

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/playwright-core/-/playwright-core-1.58.2.tgz

package-lock.json:52

🔗

Medium External URL 外部 URL

https://weread.qq.com

src/api.mjs:4

🔗

Medium External URL 外部 URL

https://weread.qq.com/web/shelf

src/dom.mjs:5

File Tree

27 files · 69.3 KB · 1992 lines

JavaScript 16f · 1228L Markdown 7f · 591L JSON 2f · 108L Shell 2f · 65L

├─ ▾ 📁 docs

│ └─ 📝 DESIGN.md Markdown 74L · 1.9 KB

├─ ▾ 📁 examples

│ └─ 📝 sample-output.md Markdown 66L · 1.1 KB

├─ ▾ 📁 references

│ └─ 📝 workflows.md Markdown 63L · 1.8 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 open-chrome-debug.sh Shell 38L · 1.2 KB

│ └─ 🔧 run.sh Shell 27L · 894 B

├─ ▾ 📁 src

│ ├─ 📜 api.mjs JavaScript 77L · 3.2 KB

│ ├─ 📜 cli.mjs JavaScript 210L · 9.7 KB

│ ├─ 📜 cookie.mjs JavaScript 23L · 1.0 KB

│ ├─ 📜 dom.mjs JavaScript 71L · 3.2 KB

│ ├─ 📜 entries.mjs JavaScript 68L · 2.6 KB

│ ├─ 📜 errors.mjs JavaScript 13L · 261 B

│ ├─ 📜 index.mjs JavaScript 9L · 937 B

│ ├─ 📜 markdown-parser.mjs JavaScript 88L · 3.3 KB

│ ├─ 📜 merge.mjs JavaScript 113L · 4.5 KB

│ ├─ 📜 render.mjs JavaScript 128L · 5.2 KB

│ ├─ 📜 state.mjs JavaScript 18L · 639 B

│ └─ 📜 utils.mjs JavaScript 16L · 568 B

├─ ▾ 📁 tests

│ ├─ 📜 merge.test.mjs JavaScript 98L · 3.7 KB

│ ├─ 📜 parser.test.mjs JavaScript 128L · 3.5 KB

│ ├─ 📜 render.test.mjs JavaScript 99L · 3.6 KB

│ └─ 📜 utils.test.mjs JavaScript 69L · 1.9 KB

├─ 📝 CLAUDE.md Markdown 47L · 2.0 KB

├─ 📋 package-lock.json JSON 63L · 1.7 KB

├─ 📋 package.json JSON 45L · 974 B

├─ 📝 README.md Markdown 190L · 5.5 KB

├─ 📝 SKILL.md Markdown 82L · 3.3 KB

└─ 📝 TEMPLATE.md Markdown 69L · 1.1 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`playwright`	`^1.53.0`	npm	No	有版本锁定

Security Positives

✓ 代码结构清晰，模块化设计良好

✓ 仅有一个运行时依赖 playwright，有版本锁定

✓ 声明与实现完全一致，无阴影功能

✓ 错误处理完善，区分 WereadAuthError 和 WereadApiError

✓ 有完整的单元测试覆盖

✓ 使用标准 Node.js ESM 模块，无危险动态执行

✓ 所有网络请求仅指向 weread.qq.com 和本地 CDP

Scan Report

File Tree

Dependencies 1 items

Security Positives