linkmind-capture Security Report — Low Risk | ClawSafe

15 /100

linkmind-capture

Capture social media links (Weibo, Xiaohongshu, WeChat, Xiaoyuzhou) — extract text, images, and metadata, then generate a Markdown note with AI deep summary, saved to the user's Obsidian vault

A legitimate social media content capture tool with thorough documentation. Minor documentation gaps (Glob/Grep listed in allowed-tools but unused) and Chrome version string in User-Agent flagged as 'hardcoded IP' are false positives.

Skill Namelinkmind-capture

Duration61.1s

Enginepi

✓

Safe to install

Approve for use. The hardcoded '125.0.0.0' flagged by pre-scan is Chrome/125.0.0.0 version in User-Agent string, not a malicious IP. Consider removing Glob/Grep from allowed-tools declaration for accuracy.

Findings 2 items

Severity	Finding	Location
Low	Unused tools declared in allowed-tools Doc Mismatch SKILL.md declares 'Glob, Grep' as allowed-tools but neither appears in the documented workflow. The skill only uses Shell, Read, and Write. `allowed-tools: Shell, Read, Write, Glob, Grep` → Remove Glob and Grep from the allowed-tools declaration for accuracy	`SKILL.md:23`
Info	Dependencies lack version pinning in package.json Supply Chain package.json uses caret ranges (^25.5.0, ^4.0.0, ^5.5.0, ^1.1.0) which may resolve to unexpected versions on reinstall `"@types/node": "^25.5.0"` → Pin exact versions for reproducible builds: '@types/node': '25.5.0', 'tsx': '4.21.0', etc.	`scripts/package.json:22`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:175-185 documents npx tsx scripts writing to obsidian vault
Network	`READ`	`READ`	✓ Aligned	Scripts make HTTP requests to social media APIs (Weibo, Xiaohongshu, WeChat, Xia…
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:139-143 documents npx tsx execution; extract-transcript.ts:56,89,109 sp…
Environment	`NONE`	`READ`	✓ Aligned	config.ts:17-45 loads .env file and applies to config; credentials stay local
Skill Invoke	`NONE`	`NONE`	—	No skill-to-skill invocation observed
Clipboard	`NONE`	`NONE`	—	No clipboard access observed
Browser	`NONE`	`NONE`	—	No browser automation in main scripts (chrome-cdp.ts is helper only)
Database	`NONE`	`NONE`	—	No database access observed

1 High 106 findings

📡

High IP Address 硬编码 IP 地址

125.0.0.0

scripts/download-images.ts:24

🔗

Medium External URL 外部 URL

https://xyzfm.link/s/xxx

SKILL.md:69

🔗

Medium External URL 外部 URL

https://weibo.com

SKILL.md:168

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com

SKILL.md:168

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com

SKILL.md:168

🔗

Medium External URL 外部 URL

https://www.xiaoyuzhoufm.com

SKILL.md:274

🔗

Medium External URL 外部 URL

https://www.xfyun.cn/

SKILL.md:642

🔗

Medium External URL 外部 URL

https://platform.openai.com/api-keys

SKILL.md:644

🔗

Medium External URL 外部 URL

https://raasr.xfyun.cn/v2/api/upload

scripts/extract-transcript.ts:142

🔗

Medium External URL 外部 URL

https://raasr.xfyun.cn/v2/api/getResult

scripts/extract-transcript.ts:143

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@clack/core/-/core-1.1.0.tgz

scripts/package-lock.json:21

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@clack/prompts/-/prompts-1.1.0.tgz

scripts/package-lock.json:30

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/aix-ppc64/-/aix-ppc64-0.27.4.tgz

scripts/package-lock.json:40

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/android-arm/-/android-arm-0.27.4.tgz

scripts/package-lock.json:57

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/android-arm64/-/android-arm64-0.27.4.tgz

scripts/package-lock.json:74

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/android-x64/-/android-x64-0.27.4.tgz

scripts/package-lock.json:91

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/darwin-arm64/-/darwin-arm64-0.27.4.tgz

scripts/package-lock.json:108

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/darwin-x64/-/darwin-x64-0.27.4.tgz

scripts/package-lock.json:125

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.4.tgz

scripts/package-lock.json:142

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/freebsd-x64/-/freebsd-x64-0.27.4.tgz

scripts/package-lock.json:159

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-arm/-/linux-arm-0.27.4.tgz

scripts/package-lock.json:176

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-arm64/-/linux-arm64-0.27.4.tgz

scripts/package-lock.json:193

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-ia32/-/linux-ia32-0.27.4.tgz

scripts/package-lock.json:210

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-loong64/-/linux-loong64-0.27.4.tgz

scripts/package-lock.json:227

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-mips64el/-/linux-mips64el-0.27.4.tgz

scripts/package-lock.json:244

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-ppc64/-/linux-ppc64-0.27.4.tgz

scripts/package-lock.json:261

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-riscv64/-/linux-riscv64-0.27.4.tgz

scripts/package-lock.json:278

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-s390x/-/linux-s390x-0.27.4.tgz

scripts/package-lock.json:295

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/linux-x64/-/linux-x64-0.27.4.tgz

scripts/package-lock.json:312

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.4.tgz

scripts/package-lock.json:329

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/netbsd-x64/-/netbsd-x64-0.27.4.tgz

scripts/package-lock.json:346

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.4.tgz

scripts/package-lock.json:363

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/openbsd-x64/-/openbsd-x64-0.27.4.tgz

scripts/package-lock.json:380

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.4.tgz

scripts/package-lock.json:397

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/sunos-x64/-/sunos-x64-0.27.4.tgz

scripts/package-lock.json:414

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/win32-arm64/-/win32-arm64-0.27.4.tgz

scripts/package-lock.json:431

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/win32-ia32/-/win32-ia32-0.27.4.tgz

scripts/package-lock.json:448

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@esbuild/win32-x64/-/win32-x64-0.27.4.tgz

scripts/package-lock.json:465

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/@types/node/-/node-25.5.0.tgz

scripts/package-lock.json:482

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/esbuild/-/esbuild-0.27.4.tgz

scripts/package-lock.json:492

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/fsevents/-/fsevents-2.3.3.tgz

scripts/package-lock.json:534

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/get-tsconfig/-/get-tsconfig-4.13.6.tgz

scripts/package-lock.json:549

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz

scripts/package-lock.json:562

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/sisteransi/-/sisteransi-1.0.5.tgz

scripts/package-lock.json:572

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/tsx/-/tsx-4.21.0.tgz

scripts/package-lock.json:578

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/typescript/-/typescript-5.9.3.tgz

scripts/package-lock.json:598

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com/undici-types/-/undici-types-7.18.2.tgz

scripts/package-lock.json:612

🔗

Medium External URL 外部 URL

https://weibo.com/2192828333/QyWziEdkQ

scripts/test-transcript.ts:197

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/s/AbCdEfGhIjKlMnOp

scripts/test-wechat.ts:49

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/s?__biz=MzA4NzQzMzU4Mg==&mid=12345&idx=1&sn=abc

scripts/test-wechat.ts:53

🔗

Medium External URL 外部 URL

https://weibo.com/foo

scripts/test-wechat.ts:58

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/profile?src=3

scripts/test-wechat.ts:74

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/real1.jpg

scripts/test-wechat.ts:146

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/direct.jpg

scripts/test-wechat.ts:147

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/real2.jpg

scripts/test-wechat.ts:148

🔗

Medium External URL 外部 URL

https://res.wx.qq.com/icon.png

scripts/test-wechat.ts:149

🔗

Medium External URL 外部 URL

https://og-fallback.jpg

scripts/test-wechat.ts:182

🔗

Medium External URL 外部 URL

https://cover.jpg

scripts/test-wechat.ts:188

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/img1.jpg

scripts/test-wechat.ts:193

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/s/TestId123

scripts/test-wechat.ts:198

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/real.jpg

scripts/test-wechat.ts:250

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/placeholder.jpg

scripts/test-wechat.ts:250

🔗

Medium External URL 外部 URL

https://img.com/1.jpg

scripts/test-wechat.ts:261

🔗

Medium External URL 外部 URL

https://img.com/2.jpg

scripts/test-wechat.ts:261

🔗

Medium External URL 外部 URL

https://mmbiz.qpic.cn/mid.jpg

scripts/test-wechat.ts:289

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/s/test

scripts/test-wechat.ts:294

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/s/5IpMVx0Lk7fBJRN-FXdFsA

scripts/test-wechat.ts:362

🔗

Medium External URL 外部 URL

https://m.weibo.cn/detail/4331051486294436

scripts/test-weibo.ts:65

🔗

Medium External URL 外部 URL

https://m.weibo.cn/status/4331051486294436

scripts/test-weibo.ts:72

🔗

Medium External URL 外部 URL

https://weibo.com/1234567890/4331051486294436

scripts/test-weibo.ts:79

🔗

Medium External URL 外部 URL

https://weibo.com/1234567890/N5WBGE0jf

scripts/test-weibo.ts:86

🔗

Medium External URL 外部 URL

https://small.jpg

scripts/test-weibo.ts:175

🔗

Medium External URL 外部 URL

https://large.jpg

scripts/test-weibo.ts:175

🔗

Medium External URL 外部 URL

https://small2.jpg

scripts/test-weibo.ts:176

🔗

Medium External URL 外部 URL

https://video.mp4

scripts/test-weibo.ts:183

🔗

Medium External URL 外部 URL

https://weibo.com/test/123

scripts/test-weibo.ts:193

🔗

Medium External URL 外部 URL

https://m.weibo.cn/detail/5279012110206293

scripts/test-weibo.ts:225

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/6745abc0def1234567890abc

scripts/test-xiaohongshu.ts:46

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/discovery/item/6745abc0def1234567890abc

scripts/test-xiaohongshu.ts:53

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/user/profile/5a1b2c3d/6745abc0def1234567890abc

scripts/test-xiaohongshu.ts:60

🔗

Medium External URL 外部 URL

https://xhslink.com/a1B2cD

scripts/test-xiaohongshu.ts:67

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/6745abc0def1234567890abc?xsec_token=abc123

scripts/test-xiaohongshu.ts:74

🔗

Medium External URL 外部 URL

https://sns-webpic.xhscdn.com/pic1.jpg

scripts/test-xiaohongshu.ts:110

🔗

Medium External URL 外部 URL

https://sns-webpic.xhscdn.com/pic1_large.jpg

scripts/test-xiaohongshu.ts:111

🔗

Medium External URL 外部 URL

https://sns-webpic.xhscdn.com/pic1_hd.jpg

scripts/test-xiaohongshu.ts:113

🔗

Medium External URL 外部 URL

https://sns-avatar.xhscdn.com/avatar.jpg

scripts/test-xiaohongshu.ts:124

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/abc123

scripts/test-xiaohongshu.ts:137

🔗

Medium External URL 外部 URL

https://sns-video-bd.xhscdn.com/stream.m3u8

scripts/test-xiaohongshu.ts:185

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/video123

scripts/test-xiaohongshu.ts:202

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/6458c890000000001300e52b

scripts/test-xiaohongshu.ts:256

🔗

Medium External URL 外部 URL

https://www.xiaoyuzhoufm.com/episode/69b4d2f9f8b8079bfa3ae7f2#ts=1023?s=eyJ1IjoiNWY

scripts/test-xiaoyuzhou.ts:42

🔗

Medium External URL 外部 URL

https://www.xiaoyuzhoufm.com/episode/abc123

scripts/test-xiaoyuzhou.ts:49

🔗

Medium External URL 外部 URL

https://www.xiaoyuzhoufm.com/episode/xyz#ts=0

scripts/test-xiaoyuzhou.ts:56

🔗

Medium External URL 外部 URL

https://xyzfm.link/s/Qlkr7p

scripts/test-xiaoyuzhou.ts:157

🔗

Medium External URL 外部 URL

https://mp.weixin.qq.com/mp/getappmsgext?__biz=$

scripts/wechat.ts:285

🔗

Medium External URL 外部 URL

https://passport.weibo.com/visitor/genvisitor

scripts/weibo.ts:129

🔗

Medium External URL 外部 URL

https://passport.weibo.com/visitor/visitor?a=incarnate&t=$

scripts/weibo.ts:145

🔗

Medium External URL 外部 URL

https://m.weibo.cn/detail/$

scripts/weibo.ts:173

🔗

Medium External URL 外部 URL

https://m.weibo.cn/statuses/show?id=$

scripts/weibo.ts:182

🔗

Medium External URL 外部 URL

https://m.weibo.cn/statuses/extend?id=$

scripts/weibo.ts:211

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/$

scripts/xiaohongshu.ts:321

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore

scripts/xiaohongshu.ts:339

🔗

Medium External URL 外部 URL

https://sns-video-bd.xhscdn.com/$

scripts/xiaohongshu.ts:423

🔗

Medium External URL 外部 URL

https://www.xiaoyuzhoufm.com/episode/

scripts/xiaoyuzhou.ts:27

🔗

Medium External URL 外部 URL

https://api.xiaoyuzhoufm.com

scripts/xiaoyuzhou.ts:73

🔗

Medium External URL 外部 URL

https://www.xiaoyuzhoufm.com/episode/$

scripts/xiaoyuzhou.ts:96

File Tree

24 files · 208.7 KB · 6545 lines

TypeScript 16f · 5057L Markdown 3f · 815L JSON 5f · 673L

├─ ▾ 📁 references

│ └─ 📝 deep-summary-guide.md Markdown 121L · 3.9 KB

├─ ▾ 📁 scripts

│ ├─ 📜 chrome-cdp.ts TypeScript 366L · 10.8 KB

│ ├─ 📜 config.ts TypeScript 148L · 4.4 KB

│ ├─ 📜 download-images.ts TypeScript 171L · 4.8 KB

│ ├─ 📜 extract-transcript.ts TypeScript 569L · 17.7 KB

│ ├─ 📋 package-lock.json JSON 618L · 18.4 KB

│ ├─ 📋 package.json JSON 34L · 1.0 KB

│ ├─ 📜 retry.ts TypeScript 63L · 1.7 KB

│ ├─ 📜 setup.ts TypeScript 277L · 8.9 KB

│ ├─ 📜 test-transcript.ts TypeScript 241L · 7.6 KB

│ ├─ 📜 test-wechat.ts TypeScript 436L · 16.1 KB

│ ├─ 📜 test-weibo.ts TypeScript 290L · 8.4 KB

│ ├─ 📜 test-xiaohongshu.ts TypeScript 338L · 10.3 KB

│ ├─ 📜 test-xiaoyuzhou.ts TypeScript 222L · 7.5 KB

│ ├─ 📋 tsconfig.json JSON 15L · 342 B

│ ├─ 📜 types.ts TypeScript 83L · 2.2 KB

│ ├─ 📜 wechat.ts TypeScript 559L · 18.2 KB

│ ├─ 📜 weibo.ts TypeScript 367L · 11.2 KB

│ ├─ 📜 xiaohongshu.ts TypeScript 570L · 18.2 KB

│ └─ 📜 xiaoyuzhou.ts TypeScript 357L · 11.3 KB

├─ ▾ 📁 templates

│ └─ 📝 note.md Markdown 50L · 1.2 KB

├─ 🔑 config.json ⚠ JSON 3L · 71 B

├─ 📋 config.template.json JSON 3L · 64 B

└─ 📝 SKILL.md Markdown 644L · 24.6 KB

Dependencies 6 items

Package	Version	Source	Known Vulns	Notes
`@clack/prompts`	`^1.1.0`	npm	No	Interactive prompts library; exact version 1.1.0 in package-lock.json
`tsx`	`^4.0.0`	npm	No	TypeScript executor; ~4.21.0 in lock file
`typescript`	`^5.5.0`	npm	No	TypeScript compiler
`@types/node`	`^25.5.0`	npm	No	Type definitions
`yt-dlp`	`unpinned`	system	No	External CLI tool invoked via spawnSync; not in npm dependencies
`ffmpeg`	`unpinned`	system	No	External CLI tool invoked via spawnSync; not in npm dependencies

Security Positives

✓ Credentials (cookies, ASR keys) stored locally in .env file, never exfiltrated

✓ Comprehensive SKILL.md documents all network requests, shell executions, and file operations

✓ No credential harvesting - does not iterate os.environ looking for keys

✓ Network requests go only to legitimate platforms (Weibo, Xiaohongshu, WeChat, Xiaoyuzhou) and ASR services (iFlytek, OpenAI Whisper)

✓ No reverse shell, C2, or data exfiltration to unknown IPs

✓ No obfuscation (base64, eval, anti-analysis techniques)

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env contents)

✓ Uses standard npm packages (@clack/prompts) with locked versions in package-lock.json

Scan Report

Findings 2 items

File Tree

Dependencies 6 items

Security Positives