yuri-graph-gateway 安全扫描报告 — 可信 | ClawSafe

0 /100

yuri-graph-gateway

Yuri Graph Gateway — Facebook Graph API Proxy Service Usage Guide

Pure documentation-only skill with no executable code. It explains how to use a third-party Facebook Graph API proxy service through baiz.ai, with one declared credential (YURI_TOKEN) and comprehensive security guidance. No hidden functionality, no code execution, and no capability violations.

技能名称yuri-graph-gateway

分析耗时30.7s

引擎pi

✓

可以安装

Safe to install. This skill contains only documentation — no scripts or code to execute. Users should understand they are routing Facebook API traffic through baiz.ai's gateway. Follow the token handling best practices outlined in SKILL.md.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations in this documentation skill
网络访问	`NONE`	`NONE`	—	Skill documents how to call an external proxy; no network calls made by the skil…
命令执行	`NONE`	`NONE`	—	No shell commands or subprocess calls present
环境变量	`NONE`	`NONE`	—	No environment variable access; YURI_TOKEN is documented as a user-provided cred…
技能调用	`NONE`	`NONE`	—	No cross-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database operations

3 项发现

🔗

中危外部 URL 外部 URL

https://graph.facebook.com/v21.0/act_123456/campaigns?fields=name

SKILL.md:99

🔗

中危外部 URL 外部 URL

https://facebook-graph.baiz.ai/v21.0/act_123456/campaigns?fields=name

SKILL.md:105

🔗

中危外部 URL 外部 URL

https://facebook-graph.baiz.ai

SKILL.md:180

目录结构

2 文件 · 12.6 KB · 205 行

Markdown 1f · 191L JSON 1f · 14L

├─ 📋 _meta.json JSON 14L · 452 B

└─ 📝 SKILL.md Markdown 191L · 12.1 KB

安全亮点

✓ No executable code — purely documentation/instructional content

✓ Single credential (YURI_TOKEN) clearly declared in both SKILL.md and _meta.json with full metadata (required, sensitive, description, format)

✓ Comprehensive security guidance included: token storage, URL exposure risk, TLS verification, least privilege, rate limits

✓ Complete transparency: documents exact behavior — proxy service routing Facebook Graph API through baiz.ai gateway

✓ Security best practices section covers data retention (90 days), AES-256 encryption for Facebook tokens, audit logging

✓ Includes clear warning to use least-privilege test tokens and not production Facebook credentials

✓ No scripts, no hidden functionality, no obfuscation, no credential harvesting

✓ Skill behavior matches documentation exactly — no doc-to-code mismatch