clawpage-skill 安全扫描报告 — 可信 | ClawSafe

5 /100

clawpage-skill

Router skill for Clawpage page creation, publishing, and template management workflows

Legitimate page publishing framework with no malicious behavior, obfuscation, or undeclared capabilities. All functionality is properly documented in SKILL.md files.

技能名称clawpage-skill

分析耗时37.3s

引擎pi

✓

可以安装

This skill is safe to use. Standard security hygiene: keep keys.local.json local, use version-pinned Node.js, and verify api.clawpage.ai domain legitimacy.

安全发现 1 项

严重性	安全发现	位置
低危	CDN-hosted TailwindCSS dependency 供应链 Templates load TailwindCSS from cdn.tailwindcss.com. This is standard practice but introduces an external dependency. No sensitive data is transmitted. `<script src="https://cdn.tailwindcss.com">` → Consider self-hosting TailwindCSS for stricter supply chain control if required.	`templates/*/index.html:7`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md declares node binary requirement; scripts use 'node ./scripts/*.mjs'
文件系统	`WRITE`	`WRITE`	✓ 一致	Writes to .pages/, templates/, keys.local.json - all scoped and documented
网络访问	`READ`	`READ`	✓ 一致	Only accesses api.clawpage.ai for registration and page CRUD operations
环境变量	`NONE`	`NONE`	—	No environment variable access beyond API_HOST default
浏览器	`NONE`	`NONE`	—	Templates render static HTML; no browser automation

12 项发现

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai/api/register

AGENTS.md:22

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai

SKILL.md:66

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai/api/pages

references/api-quickref.md:66

🔗

中危外部 URL 外部 URL

https://u-builder01.clawpage.ai/pages/claw_xxx

references/api-quickref.md:80

🔗

中危外部 URL 外部 URL

https://u-builder01.clawpage.ai/pages/claw_xxx?pagecode=123456

references/api-quickref.md:84

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai/api/pages?page=1&limit=20

references/api-quickref.md:112

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai/api/pages/

references/api-quickref.md:121

🔗

中危外部 URL 外部 URL

https://u-builder01.clawpage.ai/__auth

references/api-quickref.md:175

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai/healthz

references/api-quickref.md:183

🔗

中危外部 URL 外部 URL

https://api.clawpage.ai/api/pages?page=1&limit=50

skills/create-management-page/SKILL.md:55

🔗

中危外部 URL 外部 URL

https://cdn.tailwindcss.com

templates/concept-animation-lab/index.html:7

🔗

中危外部 URL 外部 URL

https://clawpage.ai

templates/concept-animation-lab/index.html:34

目录结构

38 文件 · 114.6 KB · 3488 行

Markdown 17f · 1252L CSS 6f · 1082L JavaScript 8f · 827L HTML 6f · 321L JSON 1f · 6L

├─ ▾ 📁 references

│ ├─ 📝 api-quickref.md Markdown 197L · 5.3 KB

│ ├─ 📝 design-guidelines.md Markdown 154L · 6.6 KB

│ └─ 📝 prompt-contracts.md Markdown 78L · 5.2 KB

├─ ▾ 📁 scripts

│ ├─ 📜 clawpages_init.mjs JavaScript 145L · 4.2 KB

│ └─ 📜 clawpages_publish.mjs JavaScript 395L · 12.9 KB

├─ ▾ 📁 skills

│ ├─ ▾ 📁 create-management-page

│ │ └─ 📝 SKILL.md Markdown 121L · 5.5 KB

│ ├─ ▾ 📁 create-page

│ │ └─ 📝 SKILL.md Markdown 151L · 9.9 KB

│ ├─ ▾ 📁 create-template

│ │ └─ 📝 SKILL.md Markdown 55L · 1.8 KB

│ ├─ ▾ 📁 init

│ │ └─ 📝 SKILL.md Markdown 32L · 1022 B

│ ├─ ▾ 📁 update-page

│ │ └─ 📝 SKILL.md Markdown 136L · 7.9 KB

│ └─ ▾ 📁 update-template

│ └─ 📝 SKILL.md Markdown 54L · 1.8 KB

├─ ▾ 📁 templates

│ ├─ ▾ 📁 concept-animation-lab

│ │ ├─ 📄 default.css CSS 180L · 3.7 KB

│ │ ├─ 📜 default.js JavaScript 45L · 1.5 KB

│ │ ├─ 📄 index.html HTML 51L · 1.7 KB

│ │ └─ 📝 meta.md Markdown 13L · 434 B

│ ├─ ▾ 📁 general_template

│ │ ├─ 📄 default.css CSS 287L · 4.9 KB

│ │ ├─ 📜 default.js JavaScript 47L · 1.4 KB

│ │ ├─ 📄 index.html HTML 69L · 2.6 KB

│ │ └─ 📝 meta.md Markdown 88L · 2.8 KB

│ ├─ ▾ 📁 insight-collection-hub

│ │ ├─ 📄 default.css CSS 160L · 3.4 KB

│ │ ├─ 📜 default.js JavaScript 48L · 1.7 KB

│ │ ├─ 📄 index.html HTML 50L · 1.6 KB

│ │ └─ 📝 meta.md Markdown 13L · 423 B

│ ├─ ▾ 📁 mini-game-arcade

│ │ ├─ 📄 default.css CSS 143L · 3.1 KB

│ │ ├─ 📜 default.js JavaScript 60L · 1.2 KB

│ │ ├─ 📄 index.html HTML 50L · 1.6 KB

│ │ └─ 📝 meta.md Markdown 13L · 395 B

│ ├─ ▾ 📁 stock-analysis-terminal

│ │ ├─ 📄 default.css CSS 139L · 3.0 KB

│ │ ├─ 📜 default.js JavaScript 51L · 1.8 KB

│ │ ├─ 📄 index.html HTML 51L · 1.7 KB

│ │ └─ 📝 meta.md Markdown 13L · 447 B

│ └─ ▾ 📁 utility-workbench

│ ├─ 📄 default.css CSS 173L · 3.7 KB

│ ├─ 📜 default.js JavaScript 36L · 1.2 KB

│ ├─ 📄 index.html HTML 50L · 1.6 KB

│ └─ 📝 meta.md Markdown 13L · 434 B

├─ 📝 AGENTS.md Markdown 47L · 2.7 KB

├─ 📋 keys.local.example.json JSON 6L · 95 B

└─ 📝 SKILL.md Markdown 74L · 3.2 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`node`	`any`	system	否	Runtime dependency declared in SKILL.md install.binaries
`tailwindcss`	`latest (CDN)`	cdn.tailwindcss.com	否	CDN-hosted; not pinned to specific version

安全亮点

✓ No obfuscation or encoded payloads found

✓ No credential harvesting beyond local key management

✓ No remote code execution patterns (curl|bash, wget|sh)

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No C2 communication or data exfiltration

✓ No reverse shell capabilities

✓ All shell commands are explicitly declared (node script execution)

✓ Network calls scoped to legitimate API endpoint (api.clawpage.ai)

✓ Token management follows security best practices (local file, gitignored)

✓ Documentation accurately reflects implementation

✓ No hidden instructions in HTML comments