drpy-source-creator Security Report — Low Risk | ClawSafe

15 /100

drpy-source-creator

drpy视频源创建与调试技能 - A skill for creating and debugging drpy video source rules for TVBox, 海阔视界, ZYPlayer and similar media players

This is a legitimate drpy video source creation and debugging skill with no malicious behavior detected. The single high-risk IOC (hardcoded IP 122.0.0.0) is a clearly documented placeholder in example code, not actual malicious infrastructure.

Skill Namedrpy-source-creator

Duration41.6s

Enginepi

✓

Safe to install

No action required. The skill is safe to use as documented.

Findings 2 items

Severity	Finding	Location
Low	Hardcoded placeholder IP address IP address 122.0.0.0 appears in pitv_example.js:33. This is a clearly documented placeholder IP used in the example code comments, not actual C2 infrastructure. `// 备用静态分类 input = [` → No action required. This is intentional placeholder data in example code.	`assets/pitv_example.js:33`
Info	Unpinned Python dependency The analyze_site.py script imports 'requests' without version pinning. `import requests` → Consider pinning requests version (e.g., requests>=2.28.0) for reproducible builds, but not a security issue.	`scripts/analyze_site.py:8`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	Scripts only read/write drpy source files for minification/validation
Network	`READ`	`READ`	✓ Aligned	analyze_site.py makes HTTP requests to user-specified URLs only
Shell	`WRITE`	`WRITE`	✓ Aligned	minify_drpy.js uses execSync for uglifyjs (documented tool)
Environment	`NONE`	`NONE`	—	No environment variable access detected
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

1 High 23 findings

📡

High IP Address 硬编码 IP 地址

122.0.0.0

assets/pitv_example.js:33

🔗

Medium External URL 外部 URL

https://www.example.com

README.md:29

🔗

Medium External URL 外部 URL

https://www.pitv.cc

README.md:84

🔗

Medium External URL 外部 URL

https://www.pitv.cc/

SKILL.md:59

🔗

Medium External URL 外部 URL

https://yanetflix.com

SKILL.md:113

🔗

Medium External URL 外部 URL

https://www.example.com/

SKILL.md:140

🔗

Medium External URL 外部 URL

https://cokemv.me

SKILL.md:232

🔗

Medium External URL 外部 URL

https://www.jqqzx.cc/

SKILL.md:248

🔗

Medium External URL 外部 URL

https://old-domain.com/=

SKILL.md:387

🔗

Medium External URL 外部 URL

https://new-domain.com/

SKILL.md:387

🔗

Medium External URL 外部 URL

http://www.example.com@User-Agent=custom-ua

SKILL.md:390

🔗

Medium External URL 外部 URL

https://api.apiimg.com/show/super.php?id=

assets/pitv_example.js:112

🔗

Medium External URL 外部 URL

https://www.baidu.com

references/attributes.md:16

🔗

Medium External URL 外部 URL

https://yanetflix.com/voddetail/fyid.html

references/attributes.md:24

🔗

Medium External URL 外部 URL

http://www.jianpianapp.com@User-Agent=jianpian-version350

references/attributes.md:183

🔗

Medium External URL 外部 URL

https://www.keke6.app/=

references/attributes.md:186

🔗

Medium External URL 外部 URL

https://vres.a357899.cn/

references/attributes.md:186

🔗

Medium External URL 外部 URL

https://javascript-minifier.com/

references/formatting.md:298

🔗

Medium External URL 外部 URL

https://skalman.github.io/UglifyJS-online/

references/formatting.md:299

🔗

Medium External URL 外部 URL

https://debug.com

references/templates.md:223

🔗

Medium External URL 外部 URL

https://old-cdn.com/=

references/troubleshooting.md:271

🔗

Medium External URL 外部 URL

https://new-cdn.com/

references/troubleshooting.md:271

🔗

Medium External URL 外部 URL

https://comic.site.com/

references/troubleshooting.md:272

File Tree

13 files · 89.7 KB · 3524 lines

Markdown 7f · 2605L JavaScript 5f · 721L Python 1f · 198L

├─ ▾ 📁 assets

│ ├─ 📜 basic_template.js JavaScript 85L · 1.5 KB

│ ├─ 📜 mxpro_example.js JavaScript 96L · 2.6 KB

│ └─ 📜 pitv_example.js JavaScript 166L · 5.4 KB

├─ ▾ 📁 references

│ ├─ 📝 attributes.md Markdown 295L · 6.9 KB

│ ├─ 📝 formatting.md Markdown 304L · 6.4 KB

│ ├─ 📝 parsing.md Markdown 410L · 10.0 KB

│ ├─ 📝 templates.md Markdown 290L · 7.1 KB

│ └─ 📝 troubleshooting.md Markdown 526L · 11.8 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 analyze_site.py Python 198L · 7.0 KB

│ ├─ 📜 minify_drpy.js JavaScript 114L · 3.3 KB

│ └─ 📜 validate_drpy.js JavaScript 260L · 6.9 KB

├─ 📝 README.md Markdown 142L · 4.1 KB

└─ 📝 SKILL.md Markdown 638L · 16.7 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned

Security Positives

✓ No credential harvesting or exfiltration behavior detected

✓ No reverse shell, C2 communication, or data theft patterns found

✓ No base64-encoded payloads or eval() with decoded content

✓ No unauthorized access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No curl|bash or wget|sh remote script execution

✓ All functionality is clearly documented in SKILL.md

✓ No hidden instructions in HTML comments or other files

✓ Scripts perform only their documented purposes (site analysis, minification, validation)

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives