Scan Report
5 /100
content-clipper
Extract, summarize, and clip web content to flomo or local markdown. Supports web articles, 小红书, Twitter/X, and 微信公众号.
content-clipper 是合法的网页内容抓取工具,功能与声明一致,无恶意行为。
Safe to install
无需阻断,可直接使用。注意在多租户环境限制文件系统写入路径。
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/clip.js:93 fs.writeFileSync(outputPath, md) |
| Network | READ+WRITE | READ+WRITE | ✓ Aligned | scripts/clip.js:32 https.get(url) + scripts/clip.js:72 POST to FLOMO_WEBHOOK |
| Shell | WRITE | WRITE | ✓ Aligned | scripts/clip.js:76 execSync(curl.exe ...) 仅用于 POST webhook |
1 findings
Medium External URL 外部 URL
https://flomoapp.com/iwh/MTg4MTA/c6fceb66258d3cc5c527d82f283ba06a/ SKILL.md:26 File Tree
3 files · 7.3 KB · 191 lines JavaScript 1f · 148L
Markdown 1f · 31L
JSON 1f · 12L
├─
▾
scripts
│ └─
clip.js
JavaScript
├─
package.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ 代码结构清晰,无混淆或隐藏逻辑
✓ 所有能力均已在 SKILL.md 中声明
✓ 数据仅发送到用户配置的 flomo webhook,无第三方数据外泄
✓ 内容截断至 3000 字符,防止过大负载
✓ 无凭证收割、环境变量遍历或敏感路径访问
✓ 无远程脚本下载、无版本锁定依赖(仅使用 Node.js 内置模块)