扫描报告
5 /100
factoriago
FactoriaGo platform assistant — AI-driven academic paper revision and resubmission
The FactoriaGo skill is a legitimate academic paper revision platform API client with no malicious behavior, credential exfiltration, or hidden functionality. All capabilities match documentation.
可以安装
Approve for use. The skill is a straightforward Node.js HTTPS API client for managing academic paper revision workflows.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md declares reading .md files; no file writes in scripts/factoriago-client… |
| 网络访问 | READ | READ | ✓ 一致 | All HTTPS requests target editor.factoriago.com (lines 11-43 in scripts/factoria… |
| 命令执行 | NONE | NONE | — | No subprocess/spawn calls; only used via `node scripts/factoriago-client.js` |
| 环境变量 | NONE | READ | ✓ 一致 | process.env.FACTORIAGO_COOKIE read only (line 87); no iteration through env vars… |
| 技能调用 | NONE | NONE | — | No inter-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No direct database access |
11 项发现
中危 外部 URL 外部 URL
https://factoriago.com FactoriaGo-Skill-Guide.md:9 中危 外部 URL 外部 URL
https://console.anthropic.com/keys FactoriaGo-Skill-Guide.md:35 中危 外部 URL 外部 URL
https://platform.openai.com/api-keys FactoriaGo-Skill-Guide.md:36 中危 外部 URL 外部 URL
https://aistudio.google.com/app/apikey FactoriaGo-Skill-Guide.md:37 中危 外部 URL 外部 URL
https://platform.moonshot.cn/console/api-keys FactoriaGo-Skill-Guide.md:38 中危 外部 URL 外部 URL
https://open.bigmodel.cn/usercenter/apikeys FactoriaGo-Skill-Guide.md:39 中危 外部 URL 外部 URL
https://platform.minimaxi.com/user-center/basic-information/interface-key FactoriaGo-Skill-Guide.md:40 中危 外部 URL 外部 URL
https://editor.factoriago.com FactoriaGo-Skill-Guide.md:165 中危 外部 URL 外部 URL
https://editor.factoriago.com/api/* SKILL.md:22 中危 外部 URL 外部 URL
https://editor.factoriago.com/api SKILL.md:31 中危 外部 URL 外部 URL
https://factoriago.com/api/auth/login references/api.md:91 目录结构
6 文件 · 34.5 KB · 893 行 Markdown 5f · 572L
JavaScript 1f · 321L
├─
▾
references
│ ├─
api.md
Markdown
│ ├─
reviewer-response.md
Markdown
│ └─
revision-workflow.md
Markdown
├─
▾
scripts
│ └─
factoriago-client.js
JavaScript
├─
FactoriaGo-Skill-Guide.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ All network requests go only to the legitimate editor.factoriago.com API endpoint via HTTPS
✓ No shell execution, subprocess spawning, or eval() calls in the client script
✓ No credential exfiltration — API keys are sent only to the server's own /settings/llm endpoint
✓ Session cookie is stored in an environment variable (FACTORIAGO_COOKIE), not written to disk
✓ No base64-encoded payloads, no obfuscation, no anti-analysis patterns
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env, etc.)
✓ No remote script execution (curl|bash, wget|sh patterns absent)
✓ HTML response detection (lines 37-40) prevents auth bypass via SPA redirects
✓ No supply chain risks — pure Node.js standard library, no external npm dependencies
✓ Documentation accurately reflects all code functionality with no shadow behavior