Skills
skills/zjp1997720/content-twin-toolkit/web-clipper/Socket

web-clipper

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能的目标与主要能力总体一致:抓取公开网页文章并保存到本地。主要问题不在功能越界,而在执行信任边界不透明:首次运行需执行未提供源码的 wrapper/bootstrap,且可能自动安装 Python 3,来源与校验未说明;此外会把抓取任务和 API key 转发给第三方 Reader API。整体更像高风险但可解释的开发/自动化技能,而非明确恶意内容。

Confidence: 82%Severity: 76%
Audit Metadata
Analyzed At
Apr 28, 2026, 01:28 AM
Package URL
pkg:socket/skills-sh/zjp1997720%2Fcontent-twin-toolkit%2Fweb-clipper%2F@b7ba37c3baa64c81b1775c76a13e1a6b5b36e2b9
Security Audit — socket — web-clipper