Error and Sensitive Information Detection (错敏信息检测)

Pass

Audited by ClawScan on Apr 10, 2026.

Overview

The skill's code, instructions, and optional dependencies are consistent with its stated purpose (fetching pages and calling a UCAP sensitive-data detection API); no disproportionate credentials, installs, or unexpected behaviors were found.

This skill appears coherent and security-conscious. Before installing:

1) Review where the UCAP API endpoint(s) are called in main.py so you know which external host(s) receive data.
2) Use an isolated Python environment (venv) when pip installing the listed dependencies.
3) Do NOT enable dynamic/browser mode (DISABLE_JAVASCRIPT=False) unless you intentionally install Node/agent-browser/Chrome and set a strict ALLOWED_DOMAINS whitelist. Dynamic mode executes page JS and can create SSRF risks if misconfigured.
4) Treat the UCAP userKey like any API key: provide it only if you trust the UCAP service. The code stores it only in-process but suggests persisting it as a system env var for convenience (avoid persisting secrets unless necessary).

If you want extra assurance, ask the maintainer to publish the UCAP API endpoint and any telemetry behavior in the code for review.