velora-chat Security Report — Trusted | ClawSafe

5 /100

velora-chat

Velora AI companions 平台测试工具，使用 Playwright 进行浏览器自动化

Velora 平台测试工具，声明与实际行为一致，无恶意行为，为合法浏览器自动化脚本

Skill Namevelora-chat

Duration30.8s

Enginepi

✓

Safe to install

可安全使用。建议通过环境变量传递凭证而非命令行参数以避免进程列表泄露

Findings 1 items

Severity	Finding	Location
Low	凭证传递方式可改进凭证通过命令行参数传递，会在进程列表(ps aux)中可见。建议改用环境变量或_dotenv_加载 `veloraChat(args[0], args[1], args[2], args.slice(3).join(' '))` → 使用 process.env.VELORA_EMAIL 和 process.env.VELORA_PASSWORD	`scripts/velora-chat.js:54`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	scripts/velora-chat.js:22 仅访问velora.cloudm8.net
Browser	`WRITE`	`WRITE`	✓ Aligned	Playwright chromium.launch() 实现声明的浏览器自动化

4 findings

🔗

Medium External URL 外部 URL

https://velora.cloudm8.net/login

SKILL.md:100

📧

Info Email 邮箱地址

[email protected]

SKILL.md:33

📧

Info Email 邮箱地址

[email protected]

SKILL.md:54

📧

Info Email 邮箱地址

[email protected]

scripts/velora-chat.js:71

File Tree

3 files · 7.9 KB · 268 lines

Markdown 2f · 197L JavaScript 1f · 71L

├─ ▾ 📁 references

│ └─ 📝 companions.md Markdown 40L · 1.6 KB

├─ ▾ 📁 scripts

│ └─ 📜 velora-chat.js JavaScript 71L · 2.4 KB

└─ 📝 SKILL.md Markdown 157L · 3.9 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`playwright`	`*`	npm	No	无版本锁定

Security Positives

✓ 声明与实际行为完全一致，无阴影功能

✓ 只访问声明的 velora.cloudm8.net 域名

✓ 无敏感路径访问（~/.ssh、.env等）

✓ 无数据外泄行为

✓ 无远程代码执行

✓ 无凭证收割行为

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives