Scan Report
5 /100
kay-video-upload
多平台短视频自动发布工具,支持抖音、视频号、快手、小红书、B站
Multi-platform video publisher with legitimate automation patterns; no malicious behavior detected. All shell access and network operations are documented and necessary for the skill's stated functionality.
Safe to install
This skill can be safely used. No additional security controls needed beyond standard best practices.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md declares video directory access |
| Filesystem | WRITE | WRITE | ✓ Aligned | Writes cookies/logs - documented in SKILL.md |
| Network | READ | READ | ✓ Aligned | Playwright visits social media platforms - documented |
| Shell | WRITE | WRITE | ✓ Aligned | subprocess for pip install/biliup - documented |
| Environment | READ | READ | ✓ Aligned | VIDEO_DIR, CHROME_PATH, XHS_SERVER - documented |
| Browser | WRITE | WRITE | ✓ Aligned | Playwright browser automation - documented |
18 findings
Medium External URL 外部 URL
http://127.0.0.1:11901 README.md:78 Medium External URL 外部 URL
https://www.xiaohongshu.com/explore scripts/publish.py:92 Medium External URL 外部 URL
https://creator.douyin.com/creator-micro/content/upload scripts/uploader/douyin_uploader/main.py:21 Medium External URL 外部 URL
https://creator.douyin.com/ scripts/uploader/douyin_uploader/main.py:60 Medium External URL 外部 URL
https://creator.douyin.com/creator-micro/content/publish?enter_from=publish_page scripts/uploader/douyin_uploader/main.py:126 Medium External URL 外部 URL
https://creator.douyin.com/creator-micro/content/post/video?enter_from=publish_page scripts/uploader/douyin_uploader/main.py:133 Medium External URL 外部 URL
https://creator.douyin.com/creator-micro/content/manage** scripts/uploader/douyin_uploader/main.py:211 Medium External URL 外部 URL
https://cp.kuaishou.com/article/publish/video scripts/uploader/ks_uploader/main.py:22 Medium External URL 外部 URL
https://cp.kuaishou.com scripts/uploader/ks_uploader/main.py:58 Medium External URL 外部 URL
https://cp.kuaishou.com/article/manage/video?status=2&from=publish scripts/uploader/ks_uploader/main.py:179 Medium External URL 外部 URL
https://channels.weixin.qq.com/platform/post/create scripts/uploader/tencent_uploader/main.py:42 Medium External URL 外部 URL
https://channels.weixin.qq.com scripts/uploader/tencent_uploader/main.py:67 Medium External URL 外部 URL
https://channels.weixin.qq.com/platform/post/list scripts/uploader/tencent_uploader/main.py:203 Medium External URL 外部 URL
https://www.xiaohongshu.com scripts/uploader/xhs_uploader/main.py:28 Medium External URL 外部 URL
https://www.mnot.net/blog/2016/03/09/alt-svc scripts/utils/stealth.min.js:7 Medium External URL 外部 URL
https://source.chromium.org/chromium/chromium/src/+/master:components/crx_file/id_util.cc;drc=14a055ccb17e8c8d5d437fe080... scripts/utils/stealth.min.js:7 Medium External URL 外部 URL
https://developer.chrome.com/apps/runtime#method-connect\n scripts/utils/stealth.min.js:7 Medium External URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/API/WebGL2RenderingContext#Browser_compatibility\n scripts/utils/stealth.min.js:7 File Tree
23 files · 258.6 KB · 2147 lines Python 19f · 1865L
Markdown 3f · 276L
JavaScript 1f · 6L
├─
▾
references
│ └─
platforms.md
Markdown
├─
▾
scripts
│ ├─
▾
uploader
│ │ ├─
▾
bilibili_uploader
│ │ │ ├─
__init__.py
Python
│ │ │ └─
main.py
Python
│ │ ├─
▾
douyin_uploader
│ │ │ ├─
__init__.py
Python
│ │ │ └─
main.py
Python
│ │ ├─
▾
ks_uploader
│ │ │ ├─
__init__.py
Python
│ │ │ └─
main.py
Python
│ │ ├─
▾
tencent_uploader
│ │ │ ├─
__init__.py
Python
│ │ │ └─
main.py
Python
│ │ ├─
▾
xhs_uploader
│ │ │ ├─
__init__.py
Python
│ │ │ └─
main.py
Python
│ │ └─
__init__.py
Python
│ ├─
▾
utils
│ │ ├─
__init__.py
Python
│ │ ├─
base_social_media.py
Python
│ │ ├─
constant.py
Python
│ │ ├─
files_times.py
Python
│ │ ├─
log.py
Python
│ │ └─
stealth.min.js
JavaScript
│ ├─
conf.py
Python
│ ├─
publish.py
Python
│ └─
setup.py
Python
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
playwright | * | pip | No | Version not pinned, standard browser automation library |
biliup | * | pip | No | Bilibili upload tool |
loguru | * | pip | No | Logging library |
requests | * | pip | No | HTTP client, version not pinned |
Security Positives
✓ All capabilities properly declared in SKILL.md
✓ No credential harvesting or exfiltration detected
✓ No reverse shells or C2 infrastructure
✓ No base64/eval/exec patterns found
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|wget remote script execution
✓ Dependencies are standard legitimate libraries (playwright, requests, loguru, biliup)
✓ Cookies stored locally and used only for platform authentication
✓ stealth.min.js is a publicly known legitimate anti-bot evasion library