ai-content-generator-pro 安全扫描报告 — 可信 | ClawSafe

0 /100

ai-content-generator-pro

Premium AI content generation skill with multi-model support (ChatGPT, Claude, Grok)

This is a legitimate AI content generation skill with no malicious behavior detected. All functionality is accurately represented in documentation and the code is a clean prototype that simulates API responses without actual sensitive operations.

技能名称ai-content-generator-pro

分析耗时35.7s

引擎pi

✓

可以安装

No action needed. The skill is safe to install and use. For production use, add real API keys and implement actual AI model integrations.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	package.json:permissions + index.js uses fs module for local content/config only
网络访问	`READ`	`NONE`	✓ 一致	index.js:all AI calls are simulated, no actual network requests
命令执行	`NONE`	`NONE`	—	index.js:no exec/spawn calls found
环境变量	`NONE`	`NONE`	—	No environment variable access observed
数据库	`NONE`	`NONE`	—	sqlite3 in dependencies but not used in code (prototype)
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation

2 项发现

📧

提示邮箱邮箱地址

[email protected]

CLAWHUB_LISTING.md:234

📧

提示邮箱邮箱地址

[email protected]

CLAWHUB_LISTING.md:239

目录结构

18 文件 · 63.7 KB · 2063 行

Markdown 9f · 1204L JavaScript 2f · 471L Shell 2f · 207L JSON 5f · 181L

├─ ▾ 📁 config

│ ├─ 🔑 config.json ⚠ JSON 24L · 362 B

│ ├─ 📋 models.json JSON 27L · 690 B

│ ├─ 📋 prompts.json JSON 24L · 3.6 KB

│ └─ 📋 templates.json JSON 45L · 1.3 KB

├─ ▾ 📁 content

│ ├─ ▾ 📁 samples

│ │ └─ 📝 sample-blog.md Markdown 22L · 564 B

│ ├─ 📝 blog-1773489827764.md Markdown 12L · 378 B

│ └─ 📝 calendar-weekly-1773489827765.md Markdown 12L · 320 B

├─ ▾ 📁 references

│ ├─ 📝 api-docs.md Markdown 370L · 7.8 KB

│ └─ 📝 market-research.md Markdown 127L · 4.0 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 setup.sh Shell 95L · 2.2 KB

│ └─ 🔧 test.sh Shell 112L · 2.7 KB

├─ 📝 CLAWHUB_LISTING.md Markdown 246L · 8.1 KB

├─ 📝 IMPLEMENTATION_SUMMARY.md Markdown 209L · 7.4 KB

├─ 📜 index.js JavaScript 366L · 13.3 KB

├─ 📋 package.json JSON 61L · 1.3 KB

├─ 📝 README.md Markdown 29L · 646 B

├─ 📝 SKILL.md Markdown 177L · 6.4 KB

└─ 📜 test.js JavaScript 105L · 2.8 KB

依赖分析 8 项

包名	版本	来源	已知漏洞	备注
`openai`	`^4.0.0`	npm	否	API client, declared but not used in prototype
`@anthropic-ai/sdk`	`^0.24.0`	npm	否	API client, declared but not used in prototype
`cheerio`	`^1.0.0`	npm	否	HTML parsing for SEO features
`marked`	`^12.0.0`	npm	否	Markdown processing
`date-fns`	`^3.6.0`	npm	否	Date manipulation for content calendar
`sqlite3`	`^5.1.6`	npm	否	Database, declared but not used in prototype
`chalk`	`^5.3.0`	npm	否	Terminal styling
`yaml`	`^2.3.0`	npm	否	YAML parsing

安全亮点

✓ All declared features match actual implementation - no hidden functionality

✓ No shell execution or system command calls in index.js

✓ No credential harvesting or environment variable scanning

✓ No network exfiltration or suspicious outbound connections

✓ AI generation is simulated/prototype only - no real API keys are used

✓ Content and config files written only to expected local directories

✓ No base64 encoding, eval(), or obfuscated code

✓ Dependencies are legitimate and standard (openai, anthropic, cheerio, marked, etc.)

✓ SQLite dependency is declared but not actually used in prototype code

✓ Setup and test scripts use only safe, documented operations

✓ API keys stored in config.json are empty placeholders

✓ No sensitive paths (~/.ssh, ~/.aws, .env) are accessed