Scan Report
15/100
feishu-english-game
Run a Feishu or Lark English game with lightweight group-chat interaction including vocab, guess, and speaking modes
Legitimate Feishu English game skill with clean code, declared external API usage, and only a minor dependency pinning issue.
Safe to install
Pin the requests library version in a requirements.txt or pyproject.toml for supply chain stability.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned requests dependency (Supply Chain) | scripts/asr_transcribe.py:12 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | asr_transcribe.py:73 - os.path.isfile() for validation |
| Network | READ | READ | ✓ Aligned | asr_transcribe.py:80 - requests.post() to senseaudio.cn |
| Shell | NONE | NONE | — | No shell access observed |
1 findings
Medium: External URL
https://api.senseaudio.cn (SKILL.md:222)

File Tree
7 files · 14.9 KB · 572 lines
Markdown 4f · 391L
Python 2f · 178L
YAML 1f · 3L

├─ agents
│  └─ openai.yaml (YAML)
├─ references
│  ├─ asr_provider_notes.md (Markdown)
│  ├─ integration_cn.md (Markdown)
│  └─ modes_cn.md (Markdown)
├─ scripts
│  ├─ asr_transcribe.py (Python)
│  └─ english_game.py (Python)
└─ SKILL.md (Markdown)

Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Version not pinned |

Security Positives
✓ All external network access (senseaudio.cn) is declared in SKILL.md
✓ API key usage is limited to legitimate service authentication
✓ No credential exfiltration or data theft behavior
✓ No obfuscation techniques (base64, eval, etc.)
✓ No sensitive file access beyond audio file validation
✓ Clean, readable code with proper error handling
✓ No hidden functionality - documentation matches implementation
✓ Audio files are validated with os.path.isfile() before processing