Trusted — Risk Score 5/100
Last scan: 10 hr ago
wemp-ops
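End-to-end operations skill for WeChat Official Accounts: topic selection → collection → writing → layout → publishing → data analysis → comment management
A WeChat Official Account operations skill: feature-complete, readable code, no malicious behavior. The 120.0.0.0 flagged by the pre-scan is a Python urllib standard-library placeholder, not an actual hardcoded IP. Credentials are used only for local WeChat API calls.
Skill Name: wemp-ops
Duration: 54.7s
Engine: pi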
Safe to install
Safe to use. No additional restrictions needed.

Findings 1 items

Severity Finding Location
Info
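WeChat Official Account credential storage (Sensitive Access)
config/default.json contains appId and appSecret. The credentials are used only for local calls to the official WeChat API; nothing is sent elsewhere.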
"appId": "wx4d9bfa93bcaef664", "appSecret": "aea4c1ac10209d107d58d4128463fd0a"
→ Credentials are stored in the skill's own configuration file, isolated from system configuration, in line with best practice.
config/default.json:2
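Resource | Declared | Inferred | Status | Evidence
Network | READ | READ | ✓ Aligned | fetch_news.py calls 20+ compliant data sources (HN/GitHub/WeChat, etc.)
Filesystem | READ+WRITE | READ+WRITE | ✓ Aligned | Reads and writes within the skill's working directory; no access to sensitive paths
Shell | WRITE | WRITE | ✓ Aligned | subprocess calls local Python/Node scripts, explicitly declared in SKILL.md
Browser | READ | READ | ✓ Aligned | Screenshots and product page browsing, declared in SKILL.md §4.6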
1 High 43 findings
High IP Address Hardcoded IP address
120.0.0.0
scripts/fetch_news.py:11

File Tree

28 files · 170.4 KB · 4313 lines
Markdown 13f · 2521L JavaScript 8f · 1111L Python 2f · 534L JSON 5f · 147L
├─ 📁 assets
│ └─ 📁 templates
│ ├─ 📋 business.json JSON 27L · 2.1 KB
│ ├─ 📋 minimal.json JSON 27L · 1.9 KB
│ └─ 📋 tech.json JSON 27L · 2.1 KB
├─ 📁 config
│ └─ 📋 default.json JSON 25L · 527 B
├─ 📁 evals
│ ├─ 📁 results
│ │ ├─ 📝 article-with-skill.md Markdown 34L · 1.8 KB
│ │ └─ 📝 article-without-skill.md Markdown 28L · 1.3 KB
│ └─ 📋 evals.json JSON 41L · 2.0 KB
├─ 📁 references
│ ├─ 📝 article-templates.md Markdown 131L · 3.2 KB
│ ├─ 📝 cover-image-guide.md Markdown 282L · 9.8 KB
│ ├─ 📝 illustration-prompts.md Markdown 692L · 25.3 KB
│ ├─ 📝 infographic-layouts.md Markdown 192L · 6.7 KB
│ ├─ 📝 style-guide.md Markdown 96L · 4.1 KB
│ ├─ 📝 weixin-constraints.md Markdown 92L · 2.6 KB
│ ├─ 📝 writing-sop.md Markdown 106L · 4.3 KB
│ └─ 📝 writing-techniques.md Markdown 381L · 17.6 KB
├─ 📁 scripts
│ ├─ 📁 lib
│ │ └─ 📜 utils.mjs JavaScript 415L · 16.8 KB
│ ├─ 📜 check_comments.mjs JavaScript 88L · 2.7 KB
│ ├─ 📜 daily_report.mjs JavaScript 103L · 4.3 KB
│ ├─ 🐍 fetch_news.py Python 253L · 12.4 KB
│ ├─ 🐍 markdown_to_html.py Python 281L · 11.2 KB
│ ├─ 📜 publisher.mjs JavaScript 194L · 6.3 KB
│ ├─ 📜 reply_comment.mjs JavaScript 53L · 1.6 KB
│ ├─ 📜 setup.mjs JavaScript 45L · 1.6 KB
│ ├─ 📜 smart_collect.mjs JavaScript 92L · 3.6 KB
│ └─ 📜 weekly_report.mjs JavaScript 121L · 4.8 KB
├─ 📝 persona.md Markdown 36L · 1.3 KB
├─ 📝 README.md Markdown 59L · 1.5 KB
└─ 📝 SKILL.md Markdown 392L · 16.9 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
urllib (stdlib) | Python3 built-in | stdlib | No | fetch_news.py uses only the standard library
fetch API | Node.js 18+ built-in | stdlib | No | utils.mjs uses the Node.js built-in fetch

Security Positives

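✓ Code is fully readable: no obfuscation, no execution of Base64-encoded content
✓ Declared capabilities match the actual implementation exactly; no shadow functionality
✓ Calls only compliant data sources (HackerNews/GitHub/Zhihu/official WeChat API)
✓ No enumeration of environment variables to harvest credentials
✓ No download and execution of remote scripts
✓ Depends only on the standard library (Python urllib) or Node.js built-in modules
✓ Uses the Node.js fetch API rather than curl/wget
✓ All subprocess calls invoke local scripts, as explicitly declared in SKILL.md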