weshop-openapi-skill 安全扫描报告 — 可信 | ClawSafe

5 /100

weshop-openapi-skill

Image-editing and image-generation tasks including model replacement, pose changes, background swapping, virtual try-on, and more via WeShop OpenAPI

This is a legitimate API integration skill for image processing via WeShop OpenAPI with no malicious behavior detected.

技能名称weshop-openapi-skill

分析耗时25.5s

引擎pi

✓

可以安装

No action required. The skill is a well-documented API wrapper with appropriate security warnings about API key handling.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem operations declared or implied in SKILL.md
网络访问	`READ`	`READ`	✓ 一致	HTTPS API calls to openapi.weshop.ai; all network usage is declared
环境变量	`READ`	`READ`	✓ 一致	WESHOP_API_KEY access declared in metadata; only used for authentication
命令执行	`NONE`	`NONE`	—	No shell execution in this documentation-only skill
技能调用	`NONE`	`NONE`	—	No nested skill invocation defined
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

6 项发现

🔗

中危外部 URL 外部 URL

https://openapi.weshop.ai/openapi/agent/openapi.yaml

SKILL.md:13

🔗

中危外部 URL 外部 URL

https://openapi.weshop.ai/openapi/*

SKILL.md:19

🔗

中危外部 URL 外部 URL

https://open.weshop.ai/authorization/apikey.

SKILL.md:26

🔗

中危外部 URL 外部 URL

https://openapi.weshop.ai/openapi/agent/runs

SKILL.md:246

🔗

中危外部 URL 外部 URL

https://ai-image.weshop.ai/example.png

SKILL.md:253

🔗

中危外部 URL 外部 URL

https://openapi.weshop.ai/openapi/agent/assets/images

SKILL.md:267

目录结构

1 文件 · 14.1 KB · 312 行

Markdown 1f · 312L

└─ 📝 SKILL.md Markdown 312L · 14.1 KB

✓ API key security warnings prominently displayed - warns against sending keys to unauthorized domains

✓ No shell execution, filesystem writes, or sensitive path access

✓ Network access limited to single legitimate API endpoint (openapi.weshop.ai)

✓ No credential exfiltration or suspicious network patterns

✓ Pure documentation/specification file with no hidden executable code

✓ Transparent about required environment variables and their purpose

✓ API key is only sent to the declared legitimate endpoint