Scan Report
5 /100
metal-price
Daily non-ferrous metals briefing for AI agents. Collects real-time base metals prices (Cu/Zn/Ni/Co/Mg/Bi) from Yahoo Finance, CCMN, SMM, and Westmetall, then delivers a six-section professional investment research report via Telegram.
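A legitimate non-ferrous metals price monitoring tool. It only collects public financial data and pushes Telegram messages, with no malicious behavior.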
Safe to install
Safe to use. The code's functionality matches the documentation, and it only accesses public financial APIs and data sources.
Findings 3 items
| Severity | Finding | Location |
|---|---|---|
| Low | Hard-coded placeholder IP address | scripts/test-sources.mjs:47 |
| Info | Child process executes a declared script | scripts/daily-report.mjs:43 |
| Info | Multi-data-source aggregation design | scripts/fetch-all-data.mjs:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | scripts/fetch-all-data.mjs:1-50 The code only uses fetch to access external APIs |
| Filesystem | NONE | READ | ✓ Aligned | scripts/daily-report.mjs:18-36 Only reads the .env file to obtain the Telegram credentials |
| Shell | NONE | READ | ✓ Aligned | scripts/daily-report.mjs:43 Uses execFile to run a child script (standard Node.js pattern) |
| Environment | NONE | READ | ✓ Aligned | Telegram configuration is read only through the .env file |
1 High 65 findings
High IP Address Hard-coded IP address
122.0.0.0 scripts/test-sources.mjs:47
Medium External URL
File Tree
12 files · 124.4 KB · 3085 lines
JavaScript 9f · 2813L
Markdown 2f · 262L
JSON 1f · 10L
├─ scripts
│  ├─ daily-report.mjs (JavaScript)
│  ├─ fetch-all-data.mjs (JavaScript)
│  ├─ fetch-news.mjs (JavaScript)
│  ├─ fetch-prices.mjs (JavaScript)
│  ├─ send-telegram.mjs (JavaScript)
│  ├─ test-sources.mjs (JavaScript)
│  ├─ test-sources2.mjs (JavaScript)
│  ├─ test-sources3.mjs (JavaScript)
│  └─ test-westmetall.mjs (JavaScript)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| Node.js native APIs | N/A | built-in | No | Uses only native modules such as fetch, fs, path, and child_process |
Security Positives
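✓ The code's functionality is fully consistent with the SKILL.md documentation, with no discrepancy between documentation and behavior
✓ No dangerous behavior such as credential harvesting, sensitive path traversal, or data exfiltration
✓ No suspicious code patterns such as base64 decoding, eval execution, or bash pipes
✓ Telegram credentials are stored only in the local .env file, with no risk of leakage
✓ All external data sources are public financial APIs, consistent with the tool's declared purpose
✓ The code is clearly structured and includes detailed error handling and retry mechanisms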