中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 15/100
上次扫描:19 小时前 重新扫描
15 /100
feishu-english-game
Run a Feishu or Lark English game with lightweight group-chat interaction including vocab, guess, and speaking modes
Legitimate Feishu English game skill with clean code, declared external API usage, and only minor dependency pinning issue.
技能名称feishu-english-game
分析耗时33.5s
引擎pi
可以安装
Pin the requests library version in a requirements.txt or pyproject.toml for supply chain stability.

安全发现 1 项

严重性 安全发现 位置
低危
Unpinned requests dependency 供应链
The requests library is used without version constraints, which could lead to unexpected behavior if a malicious or buggy version is installed.
import requests
→ Add a requirements.txt or pin requests version in pyproject.toml, e.g., requests>=2.28.0,<3.0.0
 scripts/asr_transcribe.py:12
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 asr_transcribe.py:73 - os.path.isfile() for validation
网络访问 READ READ ✓ 一致 asr_transcribe.py:80 - requests.post() to senseaudio.cn
命令执行 NONE NONE No shell access observed
1 项发现
🔗
中危 外部 URL 外部 URL
https://api.senseaudio.cn
SKILL.md:222

目录结构

7 文件 · 14.9 KB · 572 行
Markdown 4f · 391L Python 2f · 178L YAML 1f · 3L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 3L · 186 B
├─ 📁 references
│ ├─ 📝 asr_provider_notes.md Markdown 32L · 802 B
│ ├─ 📝 integration_cn.md Markdown 82L · 1.6 KB
│ └─ 📝 modes_cn.md Markdown 46L · 884 B
├─ 📁 scripts
│ ├─ 🐍 asr_transcribe.py Python 100L · 2.9 KB
│ └─ 🐍 english_game.py Python 78L · 2.1 KB
└─ 📝 SKILL.md Markdown 231L · 6.4 KB

依赖分析 1 项

包名版本来源已知漏洞备注
requests * pip Version not pinned

安全亮点

✓ All external network access (senseaudio.cn) is declared in SKILL.md
✓ API key usage is limited to legitimate service authentication
✓ No credential exfiltration or data theft behavior
✓ No obfuscation techniques (base64, eval, etc.)
✓ No sensitive file access beyond audio file validation
✓ Clean, readable code with proper error handling
✓ No hidden functionality - documentation matches implementation
✓ Audio files are validated with os.path.isfile() before processing