中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 25/100
上次扫描:20 小时前 重新扫描
25 /100
instagram-video-downloader
Download Instagram videos, Reels, and IGTV in HD quality via savefbs.com API
A legitimate Instagram video downloader with minor documentation inconsistency (local usage tracking contradicts 'no data collection' claim) but no malicious behavior detected.
技能名称instagram-video-downloader
分析耗时35.6s
引擎pi
可以安装
Review the 'no data collection' claim in SKILL.md to accurately reflect local usage tracking. Otherwise safe to use.

安全发现 2 项

严重性 安全发现 位置
低危
Local usage tracking contradicts 'no data collection' claim 文档欺骗
SKILL.md states 'No data collection' but the code writes usage data (date, count, paid status) to ~/.openclaw/skills/instagram-video-downloader/usage.json. While this is local storage, it contradicts the stated privacy claim.
usage_dir = home / '.openclaw' / 'skills' / 'instagram-video-downloader'
→ Update SKILL.md to accurately state 'Local usage tracking for quota management only' instead of 'No data collection'
 scripts/fetch_ig_video.py:47
低危
Missing permission declaration 权限提升
No _meta.json or equivalent file declares the skill's required permissions. This makes it unclear what filesystem/network access is expected.
#!/usr/bin/env python3
→ Add _meta.json with declared permissions (filesystem:WRITE for usage.json, network:READ for API calls)
 scripts/fetch_ig_video.py:1
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 scripts/fetch_ig_video.py:53-54 writes to ~/.openclaw/skills/
网络访问 READ READ ✓ 一致 scripts/fetch_ig_video.py:79-93 POSTs to savefbs.com API
命令执行 NONE NONE No shell execution detected
5 项发现
🔗
中危 外部 URL 外部 URL
https://savefbs.com
SKILL.md:8
🔗
中危 外部 URL 外部 URL
https://savefbs.com/pricing
SKILL.md:18
🔗
中危 外部 URL 外部 URL
https://www.instagram.com/reel/DTpT3fIkiPr/
SKILL.md:59
💰
中危 钱包地址 加密货币钱包地址
0xA4195EeFF370c003C5C775BE4C3f350022666305
scripts/fetch_ig_video.py:23
🔗
中危 外部 URL 外部 URL
https://pay.request.network/
scripts/fetch_ig_video.py:24

目录结构

2 文件 · 9.4 KB · 304 行
Python 1f · 191L Markdown 1f · 113L
├─ 📁 scripts
│ └─ 🐍 fetch_ig_video.py Python 191L · 6.1 KB
└─ 📝 SKILL.md Markdown 113L · 3.3 KB

依赖分析 1 项

包名版本来源已知漏洞备注
requests not declared import Standard HTTP library, no version pinning

安全亮点

✓ No malicious behavior detected (no reverse shell, no C2, no credential theft)
✓ Network requests only to the documented savefbs.com API
✓ Uses standard requests library - no obfuscation or suspicious patterns
✓ No hidden functionality beyond stated purpose
✓ Local data storage only - no exfiltration of user data
✓ Payment integration uses Request Network (legitimate crypto payment service)