Trusted — Risk Score 5/100
Last scan: 1 day ago
fly-flight
China domestic flight and high-speed rail transport lookup skill via public web sources and 12306 official endpoints
A legitimate China domestic transport query skill (flights + trains) that makes documented HTTP requests to public endpoints with no malicious behavior, credential access, or data exfiltration.
Skill Name: fly-flight
Duration: 41.6s
Engine: pi
Safe to install
No blocking action needed. The skill is safe for deployment.

Findings 2 items

Low · Doc Mismatch · Node.js invocation not explicitly called out in SKILL.md
Location: scripts/providers/flight_public_service.py:63
SKILL.md declares 'node' as a runtime dependency but does not state that flight mode spawns 'node extract_tongcheng_state.js' as a subprocess. The dependency is listed and the tool is well known, so this is a minor documentation gap with no security impact: the argv is a fixed list (no shell is involved), and the fetched HTML is handed to the script on stdin rather than on the command line.
Evidence: subprocess.run(['node', str(script_path)], input=html, capture_output=True, text=True, check=False)
Recommendation: add a brief note to SKILL.md such as 'Flight mode internally invokes a node script for HTML extraction'.
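The pattern behind this finding, as an added example that is not the fly-flight project's own code: a helper script at a fixed path under the skill directory, run with a list argv and fed untrusted fetched HTML over stdin, with the two checks a reviewer wants around such a call (the script path must resolve inside the skill directory, and the run must be bounded by a timeout because the parser is where untrusted web content enters). The `interpreter` argument, the stand-in Python extractor, the sample HTML and the function names are assumptions made for this example; the real skill runs `node extract_tongcheng_state.js`.

```python
import subprocess
import sys
import tempfile
from pathlib import Path


def resolve_inside(base_dir: Path, relative: str) -> Path:
    """Resolve `relative` under `base_dir` and refuse anything that escapes it.
    Both sides are resolved first, so '..' segments and symlinks are checked
    against the real location rather than the spelling."""
    base = base_dir.resolve()
    target = (base / relative).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"{relative!r} resolves outside {base}")
    return target


def run_extractor(interpreter: str, skill_dir: Path, script_rel: str,
                  html: str, timeout: float = 10.0):
    """Run `interpreter <skill_dir>/<script_rel>` with `html` on stdin.

    The argv is a list, so no shell is involved and nothing inside `html`
    can become an argument; the HTML travels over stdin, not the command
    line; `timeout` bounds a hang on pathological input. Returns
    (returncode, stdout), with returncode -1 on timeout."""
    script = resolve_inside(skill_dir, script_rel)
    try:
        proc = subprocess.run([interpreter, str(script)], input=html,
                              capture_output=True, text=True, check=False,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return -1, ""
    return proc.returncode, proc.stdout


# Constructed stand-in for a 'node extract_*.js' helper: a small Python script
# that prints the <title> of whatever arrives on stdin, so the example runs
# without Node.js installed (assumption: the real helper is a JS file).
STANDIN_SCRIPT = (
    "import re, sys\n"
    "m = re.search(r'<title>(.*?)</title>', sys.stdin.read(), re.S)\n"
    "print(m.group(1).strip() if m else '')\n"
)

# Constructed sample page; the real skill feeds a fetched ly.com page here.
SAMPLE_HTML = "<html><head><title>BJS-SHA 2026-03-20</title></head><body></body></html>"


def demo_in_tempdir() -> str:
    """Write the stand-in helper into a fresh skill directory and run it on SAMPLE_HTML."""
    with tempfile.TemporaryDirectory() as d:
        skill_dir = Path(d)
        (skill_dir / "extract_title.py").write_text(STANDIN_SCRIPT)
        code, out = run_extractor(sys.executable, skill_dir, "extract_title.py", SAMPLE_HTML)
    return out.strip() if code == 0 else ""


def escapes_skill_dir(relative: str) -> bool:
    """True when `relative` would resolve outside a fresh skill directory."""
    with tempfile.TemporaryDirectory() as d:
        try:
            resolve_inside(Path(d), relative)
        except ValueError:
            return True
    return False


if __name__ == "__main__":
    print(demo_in_tempdir())                            # BJS-SHA 2026-03-20
    print(escapes_skill_dir("../../../../etc/passwd"))  # True
    print(escapes_skill_dir("extract_title.py"))        # False
```

The containment check matters more than it looks: `str(script_path)` in the evidence line is only safe because the path is computed from the skill directory, and `resolve_inside` is the check that makes that property explicit and testable.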
Low · Sensitive Access · Local HTTP server bind address defaults to loopback
Location: scripts/transport_service.py:24
The serve command's --host option defaults to DEFAULT_HOST = '127.0.0.1' in transport_service.py, so the server listens only on the loopback interface. This is appropriate for local use. Passing a non-loopback address through --host would expose the server to the network, so the default should be kept unless exposure is intended.
Evidence: DEFAULT_HOST = '127.0.0.1'
Recommendation: no action needed; binding to localhost is appropriate.
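A guard for the bind address this finding inspects, as an added example rather than code from transport_service.py: the default stays at 127.0.0.1, and anything that is not a loopback address (a wildcard such as 0.0.0.0 or ::, or a LAN address) is refused unless the operator opts in explicitly. The `--port` default, the `--allow-external` flag and the treatment of hostnames other than `localhost` as external are assumptions for this example; the report only shows the --host default.

```python
import argparse
import ipaddress

DEFAULT_HOST = "127.0.0.1"   # the loopback default the finding reports


def classify_host(host: str) -> str:
    """Classify a bind address as 'loopback', 'wildcard' or 'external'.

    Only IP literals and the name 'localhost' are recognised; any other
    hostname is treated as external because its resolution cannot be
    checked offline (assumption made for this example)."""
    if host == "localhost":
        return "loopback"
    if host == "":            # an empty host binds every interface
        return "wildcard"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"
    if ip.is_unspecified:     # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "external"


def check_bind_host(host: str, allow_external: bool = False) -> str:
    """Refuse to bind anything but loopback unless the operator opted in."""
    kind = classify_host(host)
    if kind != "loopback" and not allow_external:
        raise ValueError(
            f"refusing to bind {host!r} ({kind}); pass --allow-external to expose the service deliberately")
    return kind


def build_parser() -> argparse.ArgumentParser:
    # Hypothetical CLI shape; the real serve command's options beyond --host
    # are not shown in the report.
    parser = argparse.ArgumentParser(prog="transport_service serve")
    parser.add_argument("--host", default=DEFAULT_HOST)
    parser.add_argument("--port", type=int, default=8000)
    parser.add_argument("--allow-external", action="store_true")
    return parser


def resolve_bind(argv):
    """Parse argv and return (host, port, kind); raises ValueError on an unintended exposure."""
    args = build_parser().parse_args(argv)
    kind = check_bind_host(args.host, args.allow_external)
    return args.host, args.port, kind


if __name__ == "__main__":
    import sys
    host, port, kind = resolve_bind(sys.argv[1:])
    print(f"binding {host}:{port} ({kind})")
```

The point of classifying rather than string-matching `127.0.0.1` is that `::1`, `127.0.0.2` and `localhost` are all loopback, while `0.0.0.0`, `::` and an empty host are all wildcards; a check that only compares against the literal default misses both groups.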
Resource | Declared | Inferred | Status | Evidence
Network | READ | READ | ✓ Aligned | flight_public_service.py:74-76 fetches ly.com; train_public_service.py:45-47 fet…
Filesystem | READ | READ | ✓ Aligned | flight_public_service.py:18 reads local JSON data files; sample state files read…
Shell | NONE | READ | ✓ Aligned | flight_public_service.py:63-68 invokes 'node extract_tongcheng_state.js' — node …
Environment | NONE | NONE | | No os.environ access found anywhere
Clipboard | NONE | NONE | | Not used
Browser | NONE | NONE | | Not used
Database | NONE | NONE | | Not used
Skill Invoke | NONE | NONE | | No skill-invocation or inter-skill calls found

The Shell row (declared NONE, inferred READ) is the undocumented node subprocess reported in the Doc Mismatch finding above; the code does spawn a process even though SKILL.md does not declare shell use.
External URLs · 8 findings

Medium · External URL · https://www.ly.com/flights/ · README.md:78
Medium · External URL · https://kyfw.12306.cn/ · README.md:83
Medium · External URL · https://www.ly.com/flights/itinerary/oneway/ · references/provider-public-web.md:6
Medium · External URL · https://www.ly.com/flights/itinerary/oneway/BJS-SHA?date=2026-03-20 · references/provider-public-web.md:7
Medium · External URL · https://kyfw.12306.cn/otn/resources/js/framework/station_name.js?station_version=1.9367 · scripts/providers/train_public_service.py:20
Medium · External URL · https://kyfw.12306.cn/otn/leftTicket/queryG · scripts/providers/train_public_service.py:21
Medium · External URL · https://kyfw.12306.cn/otn/leftTicket/init?linktypeid=dc · scripts/providers/train_public_service.py:22
Medium · External URL · https://kyfw.12306.cn/otn/leftTicketPrice/queryAllPublicPrice · scripts/providers/train_public_service.py:23
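An egress allowlist check over the eight URLs listed above, added here as an example and not part of the scanner or the skill: each destination must use https, match a documented host exactly (a suffix match would accept a look-alike such as kyfw.12306.cn.attacker.example), and carry no embedded credentials. The URLs and locations are copied from this report; the two-host allowlist is an assumption drawn from the hosts the report names (ly.com and 12306.cn), and the function names are made up for the example.

```python
from urllib.parse import urlsplit

# The eight external URLs listed by the scan, keyed by their location.
SCANNED_URLS = {
    "README.md:78": "https://www.ly.com/flights/",
    "README.md:83": "https://kyfw.12306.cn/",
    "references/provider-public-web.md:6": "https://www.ly.com/flights/itinerary/oneway/",
    "references/provider-public-web.md:7": "https://www.ly.com/flights/itinerary/oneway/BJS-SHA?date=2026-03-20",
    "scripts/providers/train_public_service.py:20":
        "https://kyfw.12306.cn/otn/resources/js/framework/station_name.js?station_version=1.9367",
    "scripts/providers/train_public_service.py:21": "https://kyfw.12306.cn/otn/leftTicket/queryG",
    "scripts/providers/train_public_service.py:22": "https://kyfw.12306.cn/otn/leftTicket/init?linktypeid=dc",
    "scripts/providers/train_public_service.py:23": "https://kyfw.12306.cn/otn/leftTicketPrice/queryAllPublicPrice",
}

# Assumed allowlist: the documented destinations the report names.
ALLOWED_HOSTS = {"www.ly.com", "kyfw.12306.cn"}


def audit_url(url: str, allowed_hosts) -> list:
    """Return the problems found with one URL; an empty list means it passes."""
    issues = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        issues.append(f"scheme {parts.scheme or '(none)'} is not https")
    host = parts.hostname or ""
    # Exact match on the host; never a suffix or substring check.
    if host not in allowed_hosts:
        issues.append(f"host {host!r} not in allowlist")
    if parts.username is not None or parts.password is not None:
        issues.append("URL embeds credentials")
    return issues


def audit_all(urls: dict, allowed_hosts) -> dict:
    """Map location -> issues for every URL that fails at least one check."""
    report = {}
    for location, url in urls.items():
        issues = audit_url(url, allowed_hosts)
        if issues:
            report[location] = issues
    return report


if __name__ == "__main__":
    print(audit_all(SCANNED_URLS, ALLOWED_HOSTS))      # {} : all eight pass
    print(audit_url("http://kyfw.12306.cn.attacker.example/otn", ALLOWED_HOSTS))
```

Run against the report's list this returns an empty dict, which is the machine-checkable form of the "all network destinations are documented" positive further down; the same function flags a plain-http or look-alike host the moment one is introduced by a later version of the skill.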

File Tree

17 files · 70.4 KB · 2063 lines
Python: 6 files, 1275 lines · JSON: 6 files, 378 lines · Markdown: 3 files, 377 lines · JavaScript: 1 file, 29 lines · YAML: 1 file, 4 lines
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 328 B
├─ 📁 assets
│ ├─ 📁 data
│ │ ├─ 📋 airport_aliases.json JSON 74L · 2.0 KB
│ │ └─ 📋 domestic_city_codes.json JSON 160L · 3.4 KB
│ ├─ 📋 sample-provider-response.json JSON 45L · 1.2 KB
│ ├─ 📋 sample-public-state.json JSON 45L · 1.3 KB
│ ├─ 📋 sample-train-price.json JSON 38L · 970 B
│ └─ 📋 sample-train-query.json JSON 16L · 513 B
├─ 📁 references
│ └─ 📝 provider-public-web.md Markdown 22L · 829 B
├─ 📁 scripts
│ ├─ 📁 providers
│ │ ├─ 🐍 __init__.py Python 1L · 62 B
│ │ ├─ 🐍 flight_public_service.py Python 353L · 12.1 KB
│ │ └─ 🐍 train_public_service.py Python 503L · 17.1 KB
│ ├─ 🐍 domestic_flight_public_service.py Python 96L · 4.3 KB
│ ├─ 📜 extract_tongcheng_state.js JavaScript 29L · 721 B
│ ├─ 🐍 test_domestic_flight_public_service.py Python 128L · 3.5 KB
│ └─ 🐍 transport_service.py Python 194L · 9.7 KB
├─ 📝 README.md Markdown 249L · 7.8 KB
└─ 📝 SKILL.md Markdown 106L · 4.7 KB

Security Positives

✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or os.environ
✓ No data exfiltration — all network calls are to documented, legitimate transport query endpoints (ly.com, 12306.cn)
✓ No obfuscation — no base64, eval(), or dynamic code generation found
✓ No reverse shell, C2, or persistence mechanisms
✓ No third-party package dependencies declared — the skill needs only the python3 and node runtimes, so there is no package manifest to audit for supply-chain risk
✓ All network destinations are explicitly documented in SKILL.md and README.md
✓ Sample data files are used only as test fixtures, not loaded dynamically from untrusted sources
✓ SSL context is properly configured for 12306 HTTPS calls
✓ No arbitrary file writes — filesystem access is read-only (loading local JSON data files)
✓ The node subprocess executes a fixed script path within the skill directory, not arbitrary user input; the fetched HTML it parses is passed on stdin, so untrusted page content never reaches the command line