Suspicious — Risk Score 50/100
Last scan: 17 hr ago
fund-daily
Automatically generates a daily fund report, including data on held funds, estimated valuation changes, unit net asset value, and financial news headlines.
Skill performs multiple undeclared network requests and subprocess execution, with hardcoded credentials exposed in source code.
Skill Name: fund-daily
Duration: 57.8s
Engine: pi
Use with caution
1) Declare network:READ and network:WRITE permissions for API calls
2) Document subprocess usage in SKILL.md
3) Move Telegram credentials to environment variables instead of hardcoding
4) Pin dependency versions in requirements.txt

Findings 5 items

Severity | Finding | Category | Location

Medium | Undeclared network API access | Doc Mismatch | fund_daily.py:155
  SKILL.md declares no network permissions, but the script makes HTTP GET requests to multiple external APIs (天天基金网, Telegram) to fetch fund data and send messages.
  Evidence: response = requests.get(url, headers=headers, timeout=10)
  → Declare network:READ for API data fetching and network:WRITE for Telegram notifications in SKILL.md

Medium | Undeclared subprocess execution | Doc Mismatch | fund_daily.py:157
  The script uses subprocess.run() to execute a local Python script for news aggregation without documenting this behavior. The target path is hardcoded to a specific Windows user directory.
  Evidence: subprocess.run(['python', script_path, 'category', '--cat', 'securities', '--limit', str(limit)])
  → Document the shell:WRITE permission and the dependency on the news-market skill

Medium | Hardcoded Telegram credentials | Credential Theft | fund_daily.py:85
  The Telegram bot token and chat ID are hardcoded directly in the source code. This exposes sensitive credentials and violates secure coding practices.
  Evidence: TELEGRAM_BOT_TOKEN = "8599058765:AAH_4PW048zLJxGQ2BosnG2uh3bRwAeu8XA"
  → Move credentials to environment variables: os.environ.get('TELEGRAM_BOT_TOKEN')

Low | Undeclared filesystem write operation | Doc Mismatch | fund_daily.py:340
  The script writes Word documents to D:\System\Desktop\基金日报 without declaring the filesystem:WRITE permission in SKILL.md.
  Evidence: os.makedirs(output_dir)
            doc.save(output_path)
  → Declare the filesystem:WRITE permission for Word document generation

Low | Unpinned Python dependencies | Supply Chain | requirements.txt:1
  requirements.txt specifies 'requests' and 'python-docx' without version constraints, potentially allowing a malicious replacement if the package is typosquatted.
  Evidence: requests
            python-docx
  → Pin versions: requests>=2.28.0, python-docx>=0.8.11
Resource | Declared | Inferred | Status | Evidence
Network | NONE | READ+WRITE | ✗ Violation | fund_daily.py:155-163 (HTTP requests to fundgz.1234567.com.cn, api.fund.eastmone…
Shell | NONE | WRITE | ✗ Violation | fund_daily.py:155-163 (subprocess.run() executes python script)
Filesystem | NONE | WRITE | ✗ Violation | fund_daily.py:340-348 (creates directories and saves Word documents)
Skill Invoke | NONE | READ | ✗ Violation | fund_daily.py:155 (invokes news-market skill script)
External URLs 4 findings

Severity | Type | URL | Location
Medium | External URL | http://fundgz.1234567.com.cn/js/ | fund_daily.py:155
Medium | External URL | http://fund.eastmoney.com/ | fund_daily.py:158
Medium | External URL | http://api.fund.eastmoney.com/f10/lsjz | fund_daily.py:216
Medium | External URL | https://api.telegram.org/bot | fund_daily.py:309

File Tree

4 files · 27.2 KB · 950 lines
Python 1f · 581L Markdown 2f · 367L Text 1f · 2L
├─ 🐍 fund_daily.py Python 581L · 20.3 KB
├─ 📝 README.md Markdown 145L · 2.5 KB
├─ 📄 requirements.txt Text 2L · 21 B
└─ 📝 SKILL.md Markdown 222L · 4.3 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
requests | * | pip | No | Version not pinned - risk of supply chain attack
python-docx | * | pip | No | Version not pinned - risk of supply chain attack

Security Positives

✓ No evidence of credential harvesting beyond required Telegram tokens
✓ No base64-encoded or obfuscated code detected
✓ No reverse shell or C2 communication patterns found
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No hidden functionality beyond legitimate fund data fetching
✓ Subprocess usage serves documented feature (news aggregation) rather than malicious purpose