中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:20 小时前 重新扫描
5 /100
web-llm-chat
Chat with web-based LLMs through Chrome Relay extension for Qwen AI
Legitimate Chrome Relay automation tool for Qwen Chat with no malicious behavior detected.
技能名称web-llm-chat
分析耗时36.0s
引擎pi
可以安装
This skill is safe to use as documented.
资源类型声明权限推断权限状态证据
网络访问 READ READ ✓ 一致 WebSocket to localhost:18792 only
文件系统 READ READ ✓ 一致 Reads openclaw.json for auth token only
命令执行 WRITE WRITE ✓ 一致 node scripts/qwen_chat.js commands
1 项发现
🔗
中危 外部 URL 外部 URL
https://chat.qwen.ai/c/...
SKILL.md:120

目录结构

5 文件 · 54.5 KB · 1549 行
JavaScript 1f · 897L Markdown 3f · 647L JSON 1f · 5L
├─ 📁 references
│ └─ 📝 chrome-relay.md Markdown 59L · 1.7 KB
├─ 📁 scripts
│ └─ 📜 qwen_chat.js JavaScript 897L · 34.5 KB
├─ 📋 package.json JSON 5L · 44 B
├─ 📝 SKILL_CN.md Markdown 290L · 8.6 KB
└─ 📝 SKILL.md Markdown 298L · 9.7 KB

依赖分析 1 项

包名版本来源已知漏洞备注
ws ^8.19.0 npm Standard WebSocket library, version pinned

安全亮点

✓ All network traffic is localhost-only (127.0.0.1:18789/18792)
✓ Only accesses ~/.openclaw for legitimate auth token derivation
✓ No external network connections or data exfiltration
✓ Uses standard Chrome DevTools Protocol for browser automation
✓ No obfuscation, base64 payloads, or suspicious code patterns
✓ Clean dependency: only 'ws' package (version pinned to ^8.19.0)
✓ Complete documentation matches implementation