Trusted — Risk score 0/100
Last scanned: 21 hours ago
temporam-temp-mail
Temporary email receiving functionality using the Temporam API — generates disposable email addresses, lists emails, and retrieves email content
This is a legitimate temporary email utility skill that communicates exclusively with the declared Temporam API. No hidden functionality, credential theft, code execution, or data exfiltration was found.
Skill name: temporam-temp-mail
Analysis time: 25.6s
Engine: pi
Safe to install
No action needed. The skill is safe to use.
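| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Network access | READ | READ | ✓ Consistent | mcp_server.py:10 'BASE_URL = https://api.temporam.com/v1'; scripts/client.py:7 '… |
| Environment variables | READ | READ | ✓ Consistent | mcp_server.py:11 'API_KEY = os.environ.get("TEMPORAM_API_KEY")'; scripts/client.… |
| File system | NONE | NONE | | No file read/write operations found in mcp_server.py or scripts/client.py |
| Command execution | NONE | NONE | | No subprocess, os.system, or shell execution calls found |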
1 high severity · 6 findings
🔑
High severity · API key · Suspected hardcoded credential
API_KEY="your_api_key_here"
README.md:43
🔗
Medium severity · External URL
https://keepachangelog.com/
CHANGELOG.md:5
🔗
Medium severity · External URL
https://semver.org/
CHANGELOG.md:5
🔗
Medium severity · External URL
https://www.temporam.com/docs/api-reference
README.md:3
🔗
Medium severity · External URL
https://api.temporam.com/v1
mcp_server.py:10
📧
Info · Email · Email address
[email protected]
references/api_reference.md:53

Directory structure

9 files · 18.8 KB · 601 lines
Markdown: 4 files, 279 lines · Python: 2 files, 147 lines · YAML: 1 file, 114 lines · JSON: 2 files, 61 lines
├─ 📁 references
│ └─ 📝 api_reference.md Markdown 84L · 2.5 KB
├─ 📁 scripts
│ └─ 🐍 client.py Python 97L · 4.0 KB
├─ 📝 CHANGELOG.md Markdown 15L · 590 B
├─ 📋 clawhub.json JSON 12L · 744 B
├─ 🐍 mcp_server.py Python 50L · 1.5 KB
├─ 📋 openapi.yaml YAML 114L · 2.9 KB
├─ 📝 README.md Markdown 80L · 1.9 KB
├─ 📝 SKILL.md Markdown 100L · 3.5 KB
└─ 📋 tool_definition.json JSON 49L · 1.1 KB

Dependency analysis: 2 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| requests | unspecified | pip | | Standard HTTP library, no version pinning in docs but no malicious usage observed |
| mcp | unspecified | pip | | Model Context Protocol library from FastMCP, no version pinning in docs but no malicious usage observed |

Security highlights

✓ All network requests go exclusively to the declared https://api.temporam.com/v1 endpoint
✓ API key is handled exclusively through environment variables with proper validation
✓ No filesystem access, shell execution, or sensitive path traversal
✓ No obfuscation (no base64, eval, or dynamic code generation)
✓ No credential harvesting or environment variable enumeration
✓ No hidden functionality — code exactly matches documented behavior
✓ Dependencies (requests, mcp) are well-established libraries with no malicious indicators
✓ No supply chain risks detected in the codebase