Trusted — Risk score 5/100
Last scanned: 1 day ago
gusnais-skill
Gusnais (Ruby-China/Homeland compatible) API integration with OAuth and plugin domain operations
This is a legitimate Gusnais/Ruby-China forum API integration skill with standard OAuth authentication and plugin domain operations. No malicious behavior detected.
Skill name: gusnais-skill
Analysis time: 29.6s
Engine: pi
Verdict: safe to install
This skill is safe to use. No security concerns identified.
Permission analysis (resource type, declared permission, inferred permission, status, evidence):

Network access: declared READ, inferred READ, ✓ consistent. Evidence: Both scripts use requests to communicate with hardcoded https://gusnais.com
File system: declared WRITE, inferred WRITE, ✓ consistent. Evidence: write_token_store() in gusnais_bootstrap.py line 134; save() in gusnais_plugin_c…
Environment variables: declared NONE, inferred READ, ✓ consistent. Evidence: Both scripts read CLIENT_ID, CLIENT_SECRET, etc. from os.environ, which is stand…
1 finding

Medium risk · External URL: https://gusnais.com (SKILL.md:18)

Directory structure

5 files · 30.5 KB · 891 lines
Python: 2 files · 549 lines; Markdown: 3 files · 342 lines
├─ 📁 references
│ ├─ 📝 endpoints.md Markdown 164L · 4.2 KB
│ └─ 📝 permission-parity.md Markdown 66L · 2.3 KB
├─ 📁 scripts
│ ├─ 🐍 gusnais_bootstrap.py Python 230L · 7.1 KB
│ └─ 🐍 gusnais_plugin_client.py Python 319L · 12.6 KB
└─ 📝 SKILL.md Markdown 112L · 4.4 KB

Dependency analysis: 1 item

Dependencies (package, version, source, known vulnerabilities, notes):

requests: version *, source pip, known vulnerabilities: none listed. Notes: Version not pinned; standard library with no security impact in this context

Security highlights

✓ SKILL.md accurately describes all functionality implemented in scripts
✓ All network requests are to hardcoded, whitelisted domain https://gusnais.com
✓ Credentials (CLIENT_ID, CLIENT_SECRET) are user-provided inputs, not harvested
✓ Token store file is written with restrictive permissions (chmod 0o600)
✓ No shell execution, subprocess, or command injection vectors
✓ No obfuscation, base64 payloads, or hidden functionality
✓ OAuth flow is a standard, well-structured implementation
✓ No data exfiltration or C2 communication patterns
✓ Plugin API client has proper error handling and capability gating
✓ No supply chain risks beyond unpinned requests dependency