super-marketing-pro 安全扫描报告 — 可信 | ClawSafe

0 /100

super-marketing-pro

Full-stack B2B marketing execution skill equivalent to a 10-person agency team. Covers strategy, content creation, multi-platform repurposing, email sequences, SEO analysis, competitor monitoring, and data reporting.

A completely legitimate B2B marketing automation skill with no malicious code, obfuscation, credential theft, or undeclared behavior detected across all 21 files.

技能名称super-marketing-pro

分析耗时55.1s

引擎pi

✓

可以安装

No action needed. The skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md:16 — scripts write output files with --output arg; content_repurposer.p…
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:13 — scripts call OpenAI API via openai package; only outbound traffic …
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, or exec calls in any script
环境变量	`READ`	`READ`	✓ 一致	SKILL.md:13 + llm_utils.py:7 — only reads OPENAI_API_KEY, used for LLM authentic…
技能调用	`NONE`	`NONE`	—	No inter-skill invocation or nested skill spawning found
剪贴板	`NONE`	`NONE`	—	No clipboard access in any script
浏览器	`NONE`	`NONE`	—	No browser automation or web scraping found
数据库	`NONE`	`NONE`	—	No database connections in any script

目录结构

21 文件 · 98.1 KB · 2559 行

Python 9f · 1717L Markdown 12f · 842L

├─ ▾ 📁 references

│ ├─ 📝 abm_framework.md Markdown 75L · 3.4 KB

│ ├─ 📝 content_templates.md Markdown 73L · 3.5 KB

│ ├─ 📝 douyin_algorithm.md Markdown 43L · 2.2 KB

│ ├─ 📝 funnel_strategy.md Markdown 82L · 3.5 KB

│ ├─ 📝 keyword_library.md Markdown 66L · 2.8 KB

│ ├─ 📝 linkedin_guide.md Markdown 152L · 3.6 KB

│ ├─ 📝 messaging_icp_guide.md Markdown 70L · 3.1 KB

│ ├─ 📝 xiaohongshu_tips.md Markdown 54L · 2.2 KB

│ └─ 📝 youtube_seo.md Markdown 61L · 2.9 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 competitor_monitor.py Python 209L · 6.9 KB

│ ├─ 🐍 content_calendar.py Python 208L · 8.2 KB

│ ├─ 🐍 content_repurposer.py Python 129L · 3.7 KB

│ ├─ 🐍 data_reporter.py Python 363L · 11.8 KB

│ ├─ 🐍 email_sequence_generator.py Python 181L · 5.7 KB

│ ├─ 🐍 hashtag_generator.py Python 241L · 9.7 KB

│ ├─ 🐍 llm_utils.py Python 55L · 1.9 KB

│ ├─ 🐍 seo_analyzer.py Python 191L · 9.0 KB

│ └─ 🐍 strategy_builder.py Python 140L · 5.2 KB

├─ 📝 PROMO_TEMPLATES.md Markdown 55L · 2.7 KB

├─ 📝 README.md Markdown 45L · 2.7 KB

└─ 📝 SKILL.md Markdown 66L · 3.5 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`openai`	`not pinned in requirements.txt`	pip (SKILL.md declaration only)	否	No requirements.txt file found; SKILL.md declares pip install openai without version pinning — minor supply chain concern but no security impact since the package is the official OpenAI SDK

安全亮点

✓ All 9 Python scripts are cleanly written marketing automation tools with no malicious code

✓ SKILL.md accurately declares all scripts, dependencies (openai), and environment variables (OPENAI_API_KEY)

✓ No subprocess, os.system, exec, eval, or shell command execution anywhere in the codebase

✓ No credential theft or harvesting — only reads the declared OPENAI_API_KEY for LLM authentication

✓ No data exfiltration — all network traffic is outbound to the declared OpenAI API endpoint via the official openai package

✓ No obfuscation, base64 payloads, or hidden HTML comments found

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, known_hosts, etc.)

✓ No remote script execution (curl|bash, wget|sh, or similar patterns)

✓ Filesystem access is limited to reading declared source files (--source) and writing declared output files (--output)

✓ No supply chain risks — dependencies are minimal (openai package only), no unpinned versions used for anything sensitive

✓ Dead code after return statement in llm_utils.py (line 55) is a minor style issue, not a security concern