Scan Report
15 /100
youtube-channel-compare
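Compare 2-5 YouTube channels by views, engagement rate, trending score and posting frequency
Legitimate YouTube channel comparison tool. The code is cleanly implemented, calls yt-dlp through subprocess to fetch data, writes a local report, and performs no sensitive operations.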
Safe to install
Can be used normally. SKILL.md could additionally declare the subprocess call to an external tool (yt-dlp).
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Documentation does not declare the subprocess implementation (Doc Mismatch) | scripts/compare_channels.py:26 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/compare_channels.py:119,127 |
| Shell | NONE | WRITE | ✓ Aligned | scripts/compare_channels.py:26-32 subprocess.run invokes yt-dlp |
| Network | READ | READ | ✓ Aligned | scripts/compare_channels.py:26-32 yt-dlp requests YouTube |

2 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://youtube.com/@MrBeast | SKILL.md:52 |
| Medium | External URL | https://youtube.com/@PewDiePie | SKILL.md:52 |

File Tree
2 files · 8.8 KB · 244 lines
Python 1f · 168L
Markdown 1f · 76L
├─ scripts
│ └─ compare_channels.py (Python)
└─ SKILL.md (Markdown)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| yt-dlp | * | external_binary | No | The yt-dlp command-line tool must be installed beforehand; SKILL.md does not declare this dependency |

Security Positives
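✓ Code structure is clear; 168 lines, simple and easy to read
✓ No command injection risk; the cmd array hard-codes the yt-dlp arguments
✓ No sensitive operations such as credential harvesting or environment variable enumeration
✓ No communication with external IPs (YouTube is accessed only through yt-dlp)
✓ Report is written to a local directory; no data is sent out
✓ Input URL validation logic is present (len(args.urls) >= 2)
✓ No obfuscation behaviour such as base64, eval, or dynamic code execution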