cpbl Security Report — Trusted | ClawSafe

0 /100

cpbl

CPBL (Chinese Professional Baseball League) stats, scores, schedules, and player data for Taiwan's pro baseball

A legitimate CPBL (Chinese Professional Baseball League) sports data query skill with no malicious behavior detected.

Skill Namecpbl

Duration31.3s

Enginepi

✓

Safe to install

This skill is safe to use. All declared capabilities match actual implementation.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	Temporary CSRF token cache at tempfile.gettempdir()
Network	`READ`	`READ`	✓ Aligned	All requests to https://cpbl.com.tw only
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Environment	`NONE`	`NONE`	—	No environment variable access
Skill Invoke	`NONE`	`NONE`	—	No inter-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

12 findings

🔗

Medium External URL 外部 URL

https://cpbl.com.tw/news

SKILL.md:72

🔗

Medium External URL 外部 URL

https://twbsball.dils.tku.edu.tw/wiki/index.php?title=關鍵字

SKILL.md:82

🔗

Medium External URL 外部 URL

https://www.cpbl.com.tw/standings/season

references/api-endpoints.md:48

🔗

Medium External URL 外部 URL

https://www.rebas.tw/first-base-CPBL

references/api-endpoints.md:81

🔗

Medium External URL 外部 URL

https://tw.sports.yahoo.com/cpbl/

references/api-endpoints.md:86

🔗

Medium External URL 外部 URL

https://www.cpbl.com.tw/news

references/test-log.txt:198

🔗

Medium External URL 外部 URL

https://sports.ettoday.net/news-list.htm

references/test-log.txt:208

🔗

Medium External URL 外部 URL

https://cpbl.com.tw

scripts/_cpbl_api.py:32

🔗

Medium External URL 外部 URL

https://cpbl.com.tw/box/index?year=

scripts/cpbl_games.py:31

🔗

Medium External URL 外部 URL

https://cpbl.com.tw/box/getlive

scripts/cpbl_games.py:49

🔗

Medium External URL 外部 URL

https://cpbl.com.tw/box/live?year=

scripts/cpbl_games.py:190

🔗

Medium External URL 外部 URL

https://cpbl.com.tw/standings?KindCode=

scripts/cpbl_standings.py:129

File Tree

13 files · 84.7 KB · 2768 lines

Python 6f · 1783L Markdown 5f · 760L Text 1f · 218L JSON 1f · 7L

├─ ▾ 📁 references

│ ├─ 📝 api-endpoints.md Markdown 131L · 3.8 KB

│ ├─ 📝 summary.md Markdown 200L · 5.1 KB

│ ├─ 📄 test-log.txt Text 218L · 6.5 KB

│ └─ 📝 test-report.md Markdown 254L · 5.9 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 _cpbl_api.py Python 296L · 9.8 KB

│ ├─ 🐍 cpbl_games.py Python 328L · 11.6 KB

│ ├─ 🐍 cpbl_live.py Python 486L · 15.4 KB

│ ├─ 🐍 cpbl_schedule.py Python 224L · 7.1 KB

│ ├─ 🐍 cpbl_standings.py Python 235L · 6.6 KB

│ └─ 🐍 cpbl_stats.py Python 214L · 6.3 KB

├─ 📝 README.md Markdown 72L · 2.9 KB

├─ 📋 skill.json JSON 7L · 263 B

└─ 📝 SKILL.md Markdown 103L · 3.5 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`scrapling`	`*`	pip	No	Web scraping library, version not pinned but legitimate package
`beautifulsoup4`	`*`	pip	No	HTML parser, version not pinned but legitimate package

Security Positives

✓ All network requests target the legitimate CPBL official website (cpbl.com.tw) only

✓ No subprocess or shell command execution

✓ No credential harvesting or sensitive data access

✓ No data exfiltration or C2 communication

✓ No obfuscation techniques (base64, eval, etc.)

✓ Clear documentation with proper SKILL.md describing all functionality

✓ Dependencies are well-known legitimate packages (scrapling, beautifulsoup4)

✓ CSRF token caching to system temp directory is appropriate and documented

✓ No hidden functionality or undocumented behavior

Scan Report

File Tree

Dependencies 2 items

Security Positives