中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
kay-video-upload
多平台短视频自动发布工具,支持抖音、视频号、快手、小红书、B站
Multi-platform video publisher with legitimate automation patterns; no malicious behavior detected. All shell access and network operations are documented and necessary for the skill's stated functionality.
技能名称kay-video-upload
分析耗时73.4s
引擎pi
可以安装
This skill can be safely used. No additional security controls needed beyond standard best practices.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md declares video directory access
文件系统 WRITE WRITE ✓ 一致 Writes cookies/logs - documented in SKILL.md
网络访问 READ READ ✓ 一致 Playwright visits social media platforms - documented
命令执行 WRITE WRITE ✓ 一致 subprocess for pip install/biliup - documented
环境变量 READ READ ✓ 一致 VIDEO_DIR, CHROME_PATH, XHS_SERVER - documented
浏览器 WRITE WRITE ✓ 一致 Playwright browser automation - documented
18 项发现
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:11901
README.md:78
🔗
中危 外部 URL 外部 URL
https://www.xiaohongshu.com/explore
scripts/publish.py:92
🔗
中危 外部 URL 外部 URL
https://creator.douyin.com/creator-micro/content/upload
scripts/uploader/douyin_uploader/main.py:21
🔗
中危 外部 URL 外部 URL
https://creator.douyin.com/
scripts/uploader/douyin_uploader/main.py:60
🔗
中危 外部 URL 外部 URL
https://creator.douyin.com/creator-micro/content/publish?enter_from=publish_page
scripts/uploader/douyin_uploader/main.py:126
🔗
中危 外部 URL 外部 URL
https://creator.douyin.com/creator-micro/content/post/video?enter_from=publish_page
scripts/uploader/douyin_uploader/main.py:133
🔗
中危 外部 URL 外部 URL
https://creator.douyin.com/creator-micro/content/manage**
scripts/uploader/douyin_uploader/main.py:211
🔗
中危 外部 URL 外部 URL
https://cp.kuaishou.com/article/publish/video
scripts/uploader/ks_uploader/main.py:22
🔗
中危 外部 URL 外部 URL
https://cp.kuaishou.com
scripts/uploader/ks_uploader/main.py:58
🔗
中危 外部 URL 外部 URL
https://cp.kuaishou.com/article/manage/video?status=2&from=publish
scripts/uploader/ks_uploader/main.py:179
🔗
中危 外部 URL 外部 URL
https://channels.weixin.qq.com/platform/post/create
scripts/uploader/tencent_uploader/main.py:42
🔗
中危 外部 URL 外部 URL
https://channels.weixin.qq.com
scripts/uploader/tencent_uploader/main.py:67
🔗
中危 外部 URL 外部 URL
https://channels.weixin.qq.com/platform/post/list
scripts/uploader/tencent_uploader/main.py:203
🔗
中危 外部 URL 外部 URL
https://www.xiaohongshu.com
scripts/uploader/xhs_uploader/main.py:28
🔗
中危 外部 URL 外部 URL
https://www.mnot.net/blog/2016/03/09/alt-svc
scripts/utils/stealth.min.js:7
🔗
中危 外部 URL 外部 URL
https://source.chromium.org/chromium/chromium/src/+/master:components/crx_file/id_util.cc;drc=14a055ccb17e8c8d5d437fe080...
scripts/utils/stealth.min.js:7
🔗
中危 外部 URL 外部 URL
https://developer.chrome.com/apps/runtime#method-connect\n
scripts/utils/stealth.min.js:7
🔗
中危 外部 URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/API/WebGL2RenderingContext#Browser_compatibility\n
scripts/utils/stealth.min.js:7

目录结构

23 文件 · 258.6 KB · 2147 行
Python 19f · 1865L Markdown 3f · 276L JavaScript 1f · 6L
├─ 📁 references
│ └─ 📝 platforms.md Markdown 40L · 1.4 KB
├─ 📁 scripts
│ ├─ 📁 uploader
│ │ ├─ 📁 bilibili_uploader
│ │ │ ├─ 🐍 __init__.py Python 1L · 2 B
│ │ │ └─ 🐍 main.py Python 79L · 3.4 KB
│ │ ├─ 📁 douyin_uploader
│ │ │ ├─ 🐍 __init__.py Python 1L · 2 B
│ │ │ └─ 🐍 main.py Python 394L · 19.4 KB
│ │ ├─ 📁 ks_uploader
│ │ │ ├─ 🐍 __init__.py Python 1L · 2 B
│ │ │ └─ 🐍 main.py Python 213L · 9.0 KB
│ │ ├─ 📁 tencent_uploader
│ │ │ ├─ 🐍 __init__.py Python 1L · 2 B
│ │ │ └─ 🐍 main.py Python 285L · 13.9 KB
│ │ ├─ 📁 xhs_uploader
│ │ │ ├─ 🐍 __init__.py Python 1L · 2 B
│ │ │ └─ 🐍 main.py Python 58L · 2.3 KB
│ │ └─ 🐍 __init__.py Python 1L · 2 B
│ ├─ 📁 utils
│ │ ├─ 🐍 __init__.py Python 1L · 2 B
│ │ ├─ 🐍 base_social_media.py Python 29L · 797 B
│ │ ├─ 🐍 constant.py Python 309L · 8.2 KB
│ │ ├─ 🐍 files_times.py Python 83L · 2.7 KB
│ │ ├─ 🐍 log.py Python 53L · 1.9 KB
│ │ └─ 📜 stealth.min.js JavaScript 6L · 176.2 KB
│ ├─ 🐍 conf.py Python 20L · 690 B
│ ├─ 🐍 publish.py Python 256L · 9.8 KB
│ └─ 🐍 setup.py Python 79L · 2.3 KB
├─ 📝 README.md Markdown 139L · 3.3 KB
└─ 📝 SKILL.md Markdown 97L · 3.4 KB

依赖分析 4 项

包名版本来源已知漏洞备注
playwright * pip Version not pinned, standard browser automation library
biliup * pip Bilibili upload tool
loguru * pip Logging library
requests * pip HTTP client, version not pinned

安全亮点

✓ All capabilities properly declared in SKILL.md
✓ No credential harvesting or exfiltration detected
✓ No reverse shells or C2 infrastructure
✓ No base64/eval/exec patterns found
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|wget remote script execution
✓ Dependencies are standard legitimate libraries (playwright, requests, loguru, biliup)
✓ Cookies stored locally and used only for platform authentication
✓ stealth.min.js is a publicly known legitimate anti-bot evasion library