linguistic-landscape-analyzer Security Report — Trusted | ClawSafe

5 /100

linguistic-landscape-analyzer

语言景观分析 MCP 工具 - 小红书情感分析与关键词提取，支持语言学/社会学研究

Clean MCP skill implementing local-only sentiment analysis and keyword extraction with proper documentation and security practices.

Skill Namelinguistic-landscape-analyzer

Duration26.8s

Enginepi

✓

Safe to install

No action required. The skill is safe to use as documented.

Findings 1 items

Severity	Finding	Location
Low	Dependencies use caret version ranges Supply Chain package.json dependencies use ^ prefix allowing minor version updates, which could introduce breaking changes `"@modelcontextprotocol/sdk": "^1.27.1"` → Consider pinning exact versions (remove ^) for reproducible builds	`package.json:20`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	server.js:47-52 - reads CSV files from data/ directory only
Filesystem	`WRITE`	`WRITE`	✓ Aligned	server.js:260-263 - writes reports to skill directory only
Network	`NONE`	`NONE`	—	No network requests in server.js
Shell	`NONE`	`NONE`	—	No shell execution in main code
Environment	`NONE`	`NONE`	—	No environment variable access
Skill Invoke	`ADMIN`	`ADMIN`	✓ Aligned	Standard MCP tool invocation

96 findings

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@hono/node-server/-/node-server-1.19.11.tgz

package-lock.json:20

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@modelcontextprotocol/sdk/-/sdk-1.27.1.tgz

package-lock.json:32

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/accepts/-/accepts-2.0.0.tgz

package-lock.json:72

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ajv/-/ajv-8.18.0.tgz

package-lock.json:85

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ajv-formats/-/ajv-formats-3.0.1.tgz

package-lock.json:101

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/body-parser/-/body-parser-2.2.2.tgz

package-lock.json:118

🔗

Medium External URL 外部 URL

https://opencollective.com/express

package-lock.json:137

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/bytes/-/bytes-3.1.2.tgz

package-lock.json:142

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz

package-lock.json:151

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/call-bound/-/call-bound-1.0.4.tgz

package-lock.json:164

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/content-disposition/-/content-disposition-1.0.1.tgz

package-lock.json:180

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/content-type/-/content-type-1.0.5.tgz

package-lock.json:193

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cookie/-/cookie-0.7.2.tgz

package-lock.json:202

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cookie-signature/-/cookie-signature-1.2.2.tgz

package-lock.json:211

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cors/-/cors-2.8.6.tgz

package-lock.json:220

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/cross-spawn/-/cross-spawn-7.0.6.tgz

package-lock.json:237

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/debug/-/debug-4.4.3.tgz

package-lock.json:251

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/depd/-/depd-2.0.0.tgz

package-lock.json:268

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz

package-lock.json:277

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ee-first/-/ee-first-1.1.1.tgz

package-lock.json:291

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/encodeurl/-/encodeurl-2.0.0.tgz

package-lock.json:297

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz

package-lock.json:306

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz

package-lock.json:315

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz

package-lock.json:324

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/escape-html/-/escape-html-1.0.3.tgz

package-lock.json:336

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/etag/-/etag-1.8.1.tgz

package-lock.json:342

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/eventsource/-/eventsource-3.0.7.tgz

package-lock.json:351

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/eventsource-parser/-/eventsource-parser-3.0.6.tgz

package-lock.json:363

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/express/-/express-5.2.1.tgz

package-lock.json:372

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/express-rate-limit/-/express-rate-limit-8.3.1.tgz

package-lock.json:415

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz

package-lock.json:433

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fast-uri/-/fast-uri-3.1.0.tgz

package-lock.json:439

🔗

Medium External URL 外部 URL

https://opencollective.com/fastify

package-lock.json:448

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/finalhandler/-/finalhandler-2.1.1.tgz

package-lock.json:455

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/forwarded/-/forwarded-0.2.0.tgz

package-lock.json:476

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fresh/-/fresh-2.0.0.tgz

package-lock.json:485

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz

package-lock.json:494

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz

package-lock.json:503

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz

package-lock.json:527

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz

package-lock.json:540

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz

package-lock.json:552

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/hasown/-/hasown-2.0.2.tgz

package-lock.json:564

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/hono/-/hono-4.12.8.tgz

package-lock.json:576

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/http-errors/-/http-errors-2.0.1.tgz

package-lock.json:585

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/iconv-lite/-/iconv-lite-0.7.2.tgz

package-lock.json:605

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/inherits/-/inherits-2.0.4.tgz

package-lock.json:621

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ip-address/-/ip-address-10.1.0.tgz

package-lock.json:627

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz

package-lock.json:636

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/is-promise/-/is-promise-4.0.0.tgz

package-lock.json:645

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/isexe/-/isexe-2.0.0.tgz

package-lock.json:651

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/jose/-/jose-6.2.1.tgz

package-lock.json:657

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz

package-lock.json:666

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/json-schema-typed/-/json-schema-typed-8.0.2.tgz

package-lock.json:672

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/keyword-extractor/-/keyword-extractor-0.0.28.tgz

package-lock.json:678

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz

package-lock.json:686

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/media-typer/-/media-typer-1.1.0.tgz

package-lock.json:695

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/merge-descriptors/-/merge-descriptors-2.0.0.tgz

package-lock.json:704

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mime-db/-/mime-db-1.54.0.tgz

package-lock.json:716

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/mime-types/-/mime-types-3.0.2.tgz

package-lock.json:725

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/ms/-/ms-2.1.3.tgz

package-lock.json:741

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/negotiator/-/negotiator-1.0.0.tgz

package-lock.json:747

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/object-assign/-/object-assign-4.1.1.tgz

package-lock.json:756

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/object-inspect/-/object-inspect-1.13.4.tgz

package-lock.json:765

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/on-finished/-/on-finished-2.4.1.tgz

package-lock.json:777

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/once/-/once-1.4.0.tgz

package-lock.json:789

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/parseurl/-/parseurl-1.3.3.tgz

package-lock.json:798

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/path-key/-/path-key-3.1.1.tgz

package-lock.json:807

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/path-to-regexp/-/path-to-regexp-8.3.0.tgz

package-lock.json:816

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/pkce-challenge/-/pkce-challenge-5.0.1.tgz

package-lock.json:826

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/proxy-addr/-/proxy-addr-2.0.7.tgz

package-lock.json:835

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/qs/-/qs-6.15.0.tgz

package-lock.json:848

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/range-parser/-/range-parser-1.2.1.tgz

package-lock.json:863

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/raw-body/-/raw-body-3.0.2.tgz

package-lock.json:872

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/require-from-string/-/require-from-string-2.0.2.tgz

package-lock.json:887

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/router/-/router-2.2.0.tgz

package-lock.json:896

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/safer-buffer/-/safer-buffer-2.1.2.tgz

package-lock.json:912

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/send/-/send-1.2.1.tgz

package-lock.json:918

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/sentiment/-/sentiment-5.0.2.tgz

package-lock.json:944

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/serve-static/-/serve-static-2.2.1.tgz

package-lock.json:953

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/setprototypeof/-/setprototypeof-1.2.0.tgz

package-lock.json:972

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/shebang-command/-/shebang-command-2.0.0.tgz

package-lock.json:978

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/shebang-regex/-/shebang-regex-3.0.0.tgz

package-lock.json:990

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/side-channel/-/side-channel-1.1.0.tgz

package-lock.json:999

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/side-channel-list/-/side-channel-list-1.0.0.tgz

package-lock.json:1018

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/side-channel-map/-/side-channel-map-1.0.1.tgz

package-lock.json:1034

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz

package-lock.json:1052

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/statuses/-/statuses-2.0.2.tgz

package-lock.json:1071

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/toidentifier/-/toidentifier-1.0.1.tgz

package-lock.json:1080

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/type-is/-/type-is-2.0.1.tgz

package-lock.json:1089

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/unpipe/-/unpipe-1.0.0.tgz

package-lock.json:1103

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/vary/-/vary-1.1.2.tgz

package-lock.json:1112

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/which/-/which-2.0.2.tgz

package-lock.json:1121

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/wrappy/-/wrappy-1.0.2.tgz

package-lock.json:1136

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/zod/-/zod-4.3.6.tgz

package-lock.json:1142

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/zod-to-json-schema/-/zod-to-json-schema-3.25.1.tgz

package-lock.json:1151

🔗

Medium External URL 外部 URL

https://clawhub.ai/skills/linguistic-landscape-analyzer

交付报告.md:32

File Tree

9 files · 86.6 KB · 2944 lines

Markdown 4f · 1225L JSON 2f · 1186L JavaScript 2f · 524L CSV 1f · 9L

├─ ▾ 📁 data

│ └─ 📄 sample.csv CSV 9L · 883 B

├─ ▾ 📁 src

│ ├─ ▾ 📁 test

│ │ └─ 📜 full-test.js JavaScript 134L · 3.1 KB

│ └─ 📜 server.js JavaScript 390L · 11.6 KB

├─ 📝 01-技术方案.md Markdown 518L · 11.9 KB

├─ 📋 package-lock.json JSON 1159L · 40.4 KB

├─ 📋 package.json JSON 27L · 673 B

├─ 📝 SKILL.md Markdown 234L · 6.9 KB

├─ 📝 交付报告.md Markdown 250L · 5.8 KB

└─ 📝 第一阶段报告.md Markdown 223L · 5.4 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`@modelcontextprotocol/sdk`	`^1.27.1`	npm	No	Official MCP SDK
`sentiment`	`^5.0.2`	npm	No	Standard sentiment analysis library
`keyword-extractor`	`^0.0.28`	npm	No	Keyword extraction library
`zod`	`^4.3.6`	npm	No	Schema validation library

Security Positives

✓ Official MCP SDK used for protocol implementation

✓ All file operations restricted to skill directory (reports/ subfolder)

✓ No network requests or external data exfiltration

✓ No credential or sensitive path access

✓ No obfuscation or base64-encoded payloads

✓ Zod schema validation for all tool inputs

✓ Clear documentation matching implementation

✓ Legitimate sentiment analysis and keyword extraction functionality

✓ Proper error handling with try-catch blocks

Scan Report

Findings 1 items

File Tree

Dependencies 4 items

Security Positives