bee-visitor-recent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Bee visitor analytics API skill, but it uses an API key and returns visitor data that should be handled carefully.
Install only if you trust this skill with your Bee API key and are authorized to analyze the visitor data it returns. Prefer storing the key in the platform's secret/env configuration, and handle outputs as sensitive website analytics.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
56/56 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can invoke the skill with the key may be able to retrieve Bee visitor analytics allowed by that key.
The implementation sends the supplied Bee API key as a Bearer token to the provider API. This is expected for the stated purpose, but the key carries whatever API permissions the user has granted it.
const API_KEY = args.api_key; ... fetch("https://platform.tradew.com/openapis/visitor/recent", { ... "Authorization": `Bearer ${API_KEY}` ... })Use a least-privilege Bee API key, provide it through the platform secret/env mechanism when possible, and rotate or revoke it if access is no longer needed.
Visitor behavior data could be exposed in chat transcripts, summaries, exports, or follow-on analysis if the user asks the agent to share or retain it.
The skill returns visitor identifiers and browsing details into the agent's working context. This is disclosed and purpose-aligned, but it may be personal or commercially sensitive analytics data.
`ip` ... Visitor IP; `referer` ... Referrer URL; `current_url` ... Current visit URL; `user_agent` ... Browser User-Agent
Use this only for sites and visitor data you are authorized to access, and avoid storing or sharing the returned records beyond the intended analysis.