iKuai Traffic Report

Advisory

Audited by Static analysis on May 7, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can use the configured token may be able to read sensitive router status and configuration data.

Why it was flagged

The skill requires an iKuai router API token through ikuai-cli. That is expected for the stated report-generation purpose, but it grants delegated access to router data.

Skill content

ikuai-cli auth set-token <your token>  # Obtain it in the router Web UI → System Status → API Token

Recommendation

Use the least-privileged token available, keep the token local, and revoke or rotate it if the machine or report output is shared.

What this means

Running the skill will actively query the configured router and include the results in the report.

Why it was flagged

The script executes multiple local ikuai-cli commands to collect router status, security rules, and logs. The shown commands are consistent with the report purpose and are not shell-string executed.

Skill content

system = run([CLI, "monitor", "system", "--format", "json"])
acl_list = run([CLI, "security", "acl", "list", "--format", "json"])
log_list = run([CLI, "log", "system", "list", "--format", "json", "--human-time"])

Recommendation

Run it only when you intend to collect a router snapshot, and review the generated report before sharing it.

What this means

Opening the report may load third-party chart code, which matters because the page contains sensitive router and network data.

Why it was flagged

The documentation both describes the report as having no external dependencies and later says it uses Chart.js from a CDN. That external dependency is disclosed, but the wording could make users overestimate offline/privacy properties.

Skill content

Generates a visual HTML traffic report, purely static, no external dependencies... Report: purely static HTML + Chart.js (CDN)

Recommendation

For privacy-sensitive use, bundle a local pinned copy of Chart.js or verify that the generated HTML uses an integrity-pinned trusted CDN.

What this means

The HTML report can reveal private network structure, connected devices, and router events to anyone who can read or receive the file.

Why it was flagged

The generated report is saved to a fixed temporary path and includes network topology, forwarding/security configuration, device information, and logs.

Skill content

Output path: `/tmp/ikuai-report.html` ... Network configuration | WAN/LAN/DNS/NAT/port forwarding/VLAN ... System logs | Key event logs

Recommendation

Store the report in a private location, delete it when no longer needed, and do not upload or share it unless you are comfortable exposing the included network details.