Low risk (risk score 15/100)
Last scanned: 1 day ago
ip-risk-scanner
IP security assessment tool - Analyzes IP address safety for Claude Code usage
A legitimate IP security evaluation tool that queries public IP geolocation APIs and saves reports to Obsidian. No malicious behavior detected - hardcoded IPs are legitimate test addresses and all network operations target documented public services.
Skill name: ip-risk-scanner
Analysis time: 30.6s
Engine: pi
Safe to install
Approve for use. Consider adding explicit allowed-tools declaration in SKILL.md for transparency. The Obsidian save path is hardcoded to a single user's vault.

Security findings: 3

Severity / Finding / Location
Low
Missing tool permission declarations (Documentation deception)
SKILL.md does not declare any allowed-tools or capability requirements. The skill performs network requests and filesystem writes, but these are not documented.
No allowed-tools section found
→ Add an allowed-tools declaration to SKILL.md, e.g., 'allowed-tools: Bash, Read, Write, WebFetch'
SKILL.md:1
Info
Hardcoded user-specific Obsidian path (Privilege escalation)
The Obsidian save path is hardcoded to '/Users/kui/Documents/Obsidian Vault/'. This means the tool is designed for a single user's environment and will fail for other users.
OBSIDIAN_VAULT = "/Users/kui/Documents/Obsidian Vault/claude code/IP Reports"
→ Make the Obsidian path configurable via environment variable or CLI argument
scripts/ip_risk_scanner.py:33
Info
Hardcoded example IP addresses (Sensitive access)
Two IPs are hardcoded as examples: 192.0.2.1 (TEST-NET-2 reserved range) and 45.129.228.121 (legitimate IP appearing in public APIs). These are standard documentation examples, not malicious IOCs.
User input: "Check this IP: 192.0.2.1"
→ No action needed - these are legitimate test IPs documented for user guidance
SKILL.md:109, scripts/ip_lookup.sh:11:109
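| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | NONE | READ | ✓ Consistent | scripts/ip_risk_scanner.py:53-61 (urllib calls to ip-api.com, ipapi.co) |
| Filesystem | NONE | WRITE | ✓ Consistent | scripts/ip_risk_scanner.py:187-188 (writes to Obsidian vault) |
| Command execution | NONE | READ | ✓ Consistent | scripts/ip_lookup.sh:23-35 (dig, whois, nslookup commands) |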
2 high severity, 24 findings

| Severity | Type | Value | Location |
|---|---|---|---|
| High | Hardcoded IP address | 192.0.2.1 | SKILL.md:109 |
| High | Hardcoded IP address | 45.129.228.121 | scripts/ip_lookup.sh:11 |
| Medium | External URL | https://browserleaks.com/webrtc | SKILL.md:243 |
| Medium | External URL | https://browserleaks.com/dns | SKILL.md:244 |
| Medium | External URL | https://browserleaks.com/canvas | SKILL.md:245 |
| Medium | External URL | https://browserleaks.com/ | SKILL.md:246 |
| Medium | External URL | https://scamalytics.com | SKILL.md:267 |
| Medium | External URL | https://browserleaks.com | SKILL.md:268 |
| Medium | External URL | https://www.augmunt.com/blog/claude-account-ban-solutions-deep-dive-2026/ | SKILL.md:269 |
| Medium | External URL | https://blog.laozhang.ai/en/posts/claude-code-source-leak-ban-policy | SKILL.md:270 |
| Medium | External URL | https://browserleaks.com/fonts | references/ip-risk-guide.md:126 |
| Medium | External URL | http://ip-api.com/json/ | references/ip-risk-guide.md:137 |
| Medium | External URL | https://ipapi.co/ | references/ip-risk-guide.md:138 |
| Medium | External URL | http://ipwhois.app/json/ | references/ip-risk-guide.md:139 |
| Medium | External URL | https://www.spamhaus.org/query/ip/ | references/ip-risk-guide.md:198 |
| Medium | External URL | https://www.abuseipdb.com/check/ | references/ip-risk-guide.md:199 |
| Medium | External URL | https://www.virustotal.com/gui/ip-address/ | references/ip-risk-guide.md:200 |
| Medium | External URL | https://youverify.co/blog/ip-fraud-score | references/ip-risk-guide.md:215 |
| Medium | External URL | http://ip-api.com/json/$IP_ADDRESS | scripts/ip_lookup.sh:36 |
| Medium | External URL | https://ipapi.co/$IP_ADDRESS/json/ | scripts/ip_lookup.sh:54 |
| Medium | External URL | https://scamalytics.com/ip/ | scripts/ip_risk_scanner.py:354 |
| Medium | External URL | https://browserleaks.com/ip/ | scripts/ip_risk_scanner.py:355 |
| Medium | External URL | https://whoer.net/ | scripts/ip_risk_scanner.py:356 |
| Medium | External URL | https://ipinfo.io/ | scripts/ip_risk_scanner.py:357 |

Directory structure

4 files · 35.5 KB · 1047 lines
Markdown 2f · 491L Python 1f · 479L Shell 1f · 77L
├─ 📁 references
│ └─ 📝 ip-risk-guide.md Markdown 216L · 5.2 KB
├─ 📁 scripts
│ ├─ 🔧 ip_lookup.sh Shell 77L · 2.6 KB
│ └─ 🐍 ip_risk_scanner.py Python 479L · 19.5 KB
└─ 📝 SKILL.md Markdown 275L · 8.1 KB

Dependency analysis: 1 item

Package / Version / Source / Known vulnerabilities / Notes
Python standard library only N/A stdlib Uses urllib.request, json, os, datetime - no external dependencies

Security highlights

✓ No credential theft or environment variable harvesting detected
✓ No base64 encoding, obfuscation, or anti-analysis techniques found
✓ No reverse shell, C2, or data exfiltration to attacker-controlled infrastructure
✓ All network requests target legitimate, publicly documented IP lookup APIs (ip-api.com, ipapi.co)
✓ No supply chain risks - uses only Python standard library (urllib)
✓ Shell script uses standard diagnostic tools (dig, whois, nslookup, curl, ping) - all appropriate for IP analysis
✓ No hidden functionality or undocumented behavior
✓ Reports are only saved locally to the user's Obsidian vault