中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:19 小时前 重新扫描
5 /100
send-file
发送文件到消息平台(飞书、Telegram、Discord等)
Legitimate file-sending skill for Feishu with properly declared permissions and no malicious behavior.
技能名称send-file
分析耗时33.4s
引擎pi
可以安装
Skill is safe for use. No security concerns identified.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 Python reads files for upload only; shell script validates file existence
网络访问 READ READ ✓ 一致 Makes POST requests to open.feishu.cn API endpoints
环境变量 READ READ ✓ 一致 Reads FEISHU_APP_ID and FEISHU_APP_SECRET from os.environ
命令执行 NONE NONE No subprocess or shell execution observed
技能调用 NONE NONE No cross-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
4 项发现
🔗
中危 外部 URL 外部 URL
https://open.feishu.cn/app
SKILL.md:33
🔗
中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal
SKILL.md:133
🔗
中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/files
SKILL.md:141
🔗
中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id
SKILL.md:150

目录结构

3 文件 · 13.4 KB · 476 行
Markdown 1f · 244L Python 1f · 156L Shell 1f · 76L
├─ 📁 scripts
│ ├─ 🐍 send_feishu_file.py Python 156L · 4.9 KB
│ └─ 🔧 send_file.sh Shell 76L · 2.1 KB
└─ 📝 SKILL.md Markdown 244L · 6.4 KB

依赖分析 1 项

包名版本来源已知漏洞备注
requests * pip Version not pinned but no security impact in this context

安全亮点

✓ All credential access (FEISHU_APP_ID, FEISHU_APP_SECRET) is properly declared in SKILL.md
✓ Network requests are exclusively to legitimate Feishu API endpoints (open.feishu.cn)
✓ No credential exfiltration - tokens stay local for API authentication only
✓ File access is limited to reading files for upload, no sensitive path access
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No subprocess or shell execution in Python code
✓ Shell script is a simple file validation utility with no malicious intent
✓ Clean, readable code with proper error handling