Low Risk — Risk Score 15/100
Last scan: 20 hr ago
mofang-records
MagicSquare (魔方网表) record management - MagicSquare no-code platform record management for CRUD operations
A legitimate MagicSquare (魔方网表) REST API wrapper skill with minor documentation inconsistencies but no malicious behavior detected.
Skill Name: mofang-records
Duration: 79.7s
Engine: pi
Safe to install
Fix the missing cli.mjs file and update SKILL.md to reflect that handlers use fetch-based HTTP calls rather than exec-based CLI invocations. Otherwise safe to use.

Findings (5 items)

Severity: Low · Category: Doc Mismatch · Location: package.json:7
Missing cli.mjs entrypoint
SKILL.md and skill.json reference ./cli.mjs as the binary entrypoint, and package.json declares it as bin. However, the cli.mjs file does not exist in the repository. The handlers directory exists with TypeScript source and compiled dist output, but no CLI wrapper is provided.
Evidence: "bin": { "mofang-records": "./cli.mjs" }
→ Create cli.mjs to serve as the CLI wrapper, or update SKILL.md/skill.json to reflect the actual invocation method (direct handler invocation).
Severity: Low · Category: Doc Mismatch · Location: SKILL.md:1
SKILL.md declares exec-based CLI but handlers use fetch
SKILL.md states '必须通过 exec 执行本 Skill 提供的 CLI 命令完成操作' (operations must be performed by running the CLI commands provided by this Skill via exec). However, the handlers use the Node.js fetch API to make direct HTTP requests to the configured BASE_URL. This is a documentation mismatch: the actual implementation makes HTTP calls directly, not through a CLI subprocess.
Evidence: 必须通过 exec 执行本 Skill 提供的 CLI 命令完成操作
→ Update SKILL.md to clarify whether this is a handler skill (direct function calls) or a CLI skill. If handler-based, remove the exec/CLI instructions.
Severity: Low · Category: Priv Escalation · Location: handlers/utils/cache.ts:33
Undeclared filesystem WRITE access
The cache module in handlers/utils/cache.ts writes to the ~/.mofang-skills/ directory (line 33: mkdir + writeFile), but SKILL.md does not declare any filesystem permissions. The skill declares requiredTools: ['exec'] but no filesystem access.
Evidence: await mkdir(dir, { recursive: true }); await writeFile(path, JSON.stringify(data, null, 0), 'utf-8');
→ Add filesystem:WRITE to the skill's declared capabilities in SKILL.md if this is a concern for the deployment environment.
Severity: Low · Category: Supply Chain · Location: package.json:16
Unpinned dependency node-fetch
package.json declares node-fetch as '^3.3.2' (caret range), allowing minor/patch updates. node-fetch v3 has known breaking API changes from v2.
Evidence: "node-fetch": "^3.3.2"
→ Pin to the exact version node-fetch@3.3.2 to prevent unexpected updates.
Severity: Info · Category: Sensitive Access · Location: handlers/utils/cache.ts:29
Environment variable access for home directory
The cache module reads the HOME or USERPROFILE environment variables to determine the cache directory path. This is standard practice but does access environment variables.
Evidence: const home = process.env.HOME || process.env.USERPROFILE || '';
→ No action needed: this is legitimate usage for cross-platform home directory detection.

Resource | Declared | Inferred | Status | Evidence
---------- | -------- | -------- | ----------- | --------
Filesystem | NONE | WRITE | ✗ Violation | handlers/utils/cache.ts:33 writes to ~/.mofang-skills/
Network | NONE | READ | ✗ Violation | handlers/utils/http-client.ts:107 uses fetch to BASE_URL
Shell | WRITE | NONE | ✗ Violation | SKILL.md declares exec required but cli.mjs does not exist
Skill Invoke | NONE | NONE | | No skill-to-skill invocation detected
Environment | NONE | READ | ✓ Aligned | handlers/utils/cache.ts:29 reads HOME/USERPROFILE
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser access
Database | NONE | NONE | | No direct database access

External URLs (12 findings)

Severity | Type | URL | Location
-------- | ------------ | --- | --------
Medium | External URL | https://registry.npmmirror.com/@types/node/-/node-20.19.37.tgz | package-lock.json:20
Medium | External URL | https://registry.npmmirror.com/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz | package-lock.json:30
Medium | External URL | https://registry.npmmirror.com/fetch-blob/-/fetch-blob-3.2.0.tgz | package-lock.json:39
Medium | External URL | https://paypal.me/jimmywarting | package-lock.json:48
Medium | External URL | https://registry.npmmirror.com/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz | package-lock.json:62
Medium | External URL | https://registry.npmmirror.com/node-domexception/-/node-domexception-1.0.0.tgz | package-lock.json:74
Medium | External URL | https://registry.npmmirror.com/node-fetch/-/node-fetch-3.3.2.tgz | package-lock.json:94
Medium | External URL | https://opencollective.com/node-fetch | package-lock.json:107
Medium | External URL | https://registry.npmmirror.com/typescript/-/typescript-5.9.3.tgz | package-lock.json:112
Medium | External URL | https://registry.npmmirror.com/undici-types/-/undici-types-6.21.0.tgz | package-lock.json:126
Medium | External URL | https://registry.npmmirror.com/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz | package-lock.json:133
Medium | External URL | https://example.mf999.com | skill.json:11

File Tree

39 files · 116.3 KB · 3602 lines
TypeScript 22 files · 1869 lines | JavaScript 11 files · 1100 lines | JSON 5 files · 434 lines | Markdown 1 file · 199 lines
├─ 📁 dist
│ ├─ 📁 utils
│ │ ├─ 📜 base64.d.ts TypeScript 10L · 422 B
│ │ ├─ 📜 base64.js JavaScript 28L · 850 B
│ │ ├─ 📜 bq-builder.d.ts TypeScript 39L · 1.0 KB
│ │ ├─ 📜 bq-builder.js JavaScript 98L · 2.9 KB
│ │ ├─ 📜 cache.d.ts TypeScript 45L · 1.7 KB
│ │ ├─ 📜 cache.js JavaScript 105L · 3.2 KB
│ │ ├─ 📜 field-defs.d.ts TypeScript 64L · 1.8 KB
│ │ ├─ 📜 field-defs.js JavaScript 211L · 6.8 KB
│ │ ├─ 📜 http-client.d.ts TypeScript 26L · 909 B
│ │ ├─ 📜 http-client.js JavaScript 107L · 3.6 KB
│ │ ├─ 📜 resolve.d.ts TypeScript 23L · 861 B
│ │ └─ 📜 resolve.js JavaScript 174L · 8.0 KB
│ ├─ 📜 fields.d.ts TypeScript 21L · 707 B
│ ├─ 📜 fields.js JavaScript 37L · 1.5 KB
│ ├─ 📜 forms.d.ts TypeScript 22L · 599 B
│ ├─ 📜 forms.js JavaScript 65L · 2.3 KB
│ ├─ 📜 health.d.ts TypeScript 11L · 318 B
│ ├─ 📜 health.js JavaScript 51L · 1.6 KB
│ ├─ 📜 records.d.ts TypeScript 68L · 2.0 KB
│ ├─ 📜 records.js JavaScript 187L · 7.7 KB
│ ├─ 📜 spaces.d.ts TypeScript 15L · 387 B
│ └─ 📜 spaces.js JavaScript 37L · 1.2 KB
├─ 📁 handlers
│ ├─ 📁 utils
│ │ ├─ 📜 base64.ts TypeScript 31L · 833 B
│ │ ├─ 📜 bq-builder.ts TypeScript 140L · 3.2 KB
│ │ ├─ 📜 cache.ts TypeScript 141L · 3.9 KB
│ │ ├─ 📜 field-defs.ts TypeScript 249L · 7.2 KB
│ │ ├─ 📜 http-client.ts TypeScript 151L · 4.0 KB
│ │ └─ 📜 resolve.ts TypeScript 215L · 8.0 KB
│ ├─ 📜 fields.ts TypeScript 65L · 2.0 KB
│ ├─ 📜 forms.ts TypeScript 96L · 2.6 KB
│ ├─ 📜 health.ts TypeScript 62L · 1.7 KB
│ ├─ 📜 records.ts TypeScript 316L · 8.9 KB
│ └─ 📜 spaces.ts TypeScript 59L · 1.4 KB
├─ 📋 package-lock.json JSON 141L · 4.6 KB
├─ 📋 package.json JSON 23L · 546 B
├─ 📋 skill.json JSON 29L · 852 B
├─ 📝 SKILL.md Markdown 199L · 7.3 KB
├─ 📋 tools.json JSON 221L · 8.7 KB
└─ 📋 tsconfig.json JSON 20L · 488 B

Dependencies (3 items)

Package | Version | Source | Known Vulns | Notes
----------- | -------- | ------ | ----------- | -----
node-fetch | ^3.3.2 | npm | No | Version not pinned, minor/patch updates allowed
@types/node | ^20.11.0 | npm | No | Dev dependency, only needed for type checking
typescript | ^5.3.0 | npm | No | Dev dependency, build-time only

Security Positives

✓ No eval(), exec(), spawn(), or other code execution primitives found
✓ No base64-encoded strings being decoded and executed
✓ No credential exfiltration - passwords are only used for JWT token acquisition
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive credential paths
✓ No reverse shell, C2 communication, or data exfiltration patterns
✓ No obfuscation techniques detected (no obfuscated code, no suspicious string manipulation)
✓ No supply chain IOCs (typosquatting, malicious packages) - only standard npm dependencies
✓ Token caching is in-memory only, not written to disk (tokens stay in cachedToken variable)
✓ Cache files are scoped to BASE_URL hash, not global, reducing collision risk
✓ Comprehensive input validation on API parameters