Scan Report
5 /100
amazon-review-workbook
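Scrapes Amazon reviews through Chrome CDP and exports a 14-column workbook, with support for DeepLX translation and semantic tagging
Amazon review scraping tool; the code's functionality matches what the documentation declares, with no malicious behavior, no credential harvesting, and no data exfiltration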
Safe to install
Usable. No additional restrictions needed.
Findings 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Third-party dependencies have no version pinning | references/setup.md:43 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/review_delivery_schema.py:write_delivery_artifacts |
| Network | READ | READ | ✓ Aligned | scripts/deeplx_translate.py:call_deeplx |
| Browser | WRITE | WRITE | ✓ Aligned | scripts/amazon_review_workbook.py:BrowserSession |
| Shell | NONE | NONE | — | No subprocess/os.system calls |

2 findings
| Severity | Finding | Location |
|---|---|---|
| Medium | External URL: https://your-deeplx-host/translate | README.md:53 |
| Medium | External URL: http://127.0.0.1: | scripts/amazon_review_workbook.py:675 |

File Tree
13 files · 175.1 KB · 5215 lines
Python 5f · 4471L
Markdown 6f · 735L
JSON 1f · 5L
YAML 1f · 4L

├─ agents
│  └─ openai.yaml (YAML)
├─ references
│  ├─ output-schema.md (Markdown)
│  ├─ setup.md (Markdown)
│  └─ tagging-guidelines.md (Markdown)
├─ scripts
│  ├─ amazon_review_workbook.py (Python)
│  ├─ deeplx_translate.py (Python)
│  ├─ label_workflow.py (Python)
│  ├─ review_cache.py (Python)
│  └─ review_delivery_schema.py (Python)
├─ _meta.json (JSON)
├─ LICENSE.zh-CN.md (Markdown)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)

Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| pandas | * | pip | No | setup.md specifies no version pinning |
| openpyxl | * | pip | No | setup.md specifies no version pinning |
| requests | * | pip | No | setup.md specifies no version pinning |
| websocket-client | * | pip | No | setup.md specifies no version pinning |

Security Positives
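✓ Documentation is complete and detailed; the declared functionality matches the code implementation
✓ No credential harvesting (does not enumerate environment variables or read sensitive paths such as ~/.ssh)
✓ No data exfiltration (all network requests are sent only to the user-configured DeepLX endpoint)
✓ No remote code execution capability (does not use subprocess/os.system)
✓ Uses Chrome CDP for legitimate scraping; data is stored in local SQLite
✓ Code structure is clear and the logic is normal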