Trusted: risk score 0/100
Last scanned: 2 days ago
cosmetics-advisor-pengleni
Pengleni beauty assistant skill via SMS login/session APIs for AI virtual try-on, makeup analysis, and beauty Q&A
Legitimate beauty assistant chat API client with proper session management, HTML sanitization, and no malicious indicators.
Skill name: cosmetics-advisor-pengleni
Analysis time: 27.1s
Engine: pi
OK to install
This skill is safe for use. No security concerns identified.
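| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Network access | READ | READ | ✓ Consistent | All Python files: urllib.request.Request() for HTTP POST |
| Environment variables | READ | READ | ✓ Consistent | client_common.py:37 require_env() reads os.environ |
| File system | READ | READ | ✓ Consistent | client_common.py:101-112 load_session()/save_session() only touch .env and .sess… |
| Command execution | NONE | NONE | | No subprocess, os.system, or shell execution found |
| Skill invocation | NONE | NONE | | No dynamic skill invocation detected |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser automation detected |
| Database | NONE | NONE | | No database access found |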
2 findings
Medium risk, external URL: https://www.zhibianai.com (SKILL.md:39)
Medium risk, external URL: https://www.zhibianai.com/api/v1/clawhub (SKILL.md:40)

Directory structure

5 files · 18.9 KB · 606 lines
Python: 4 files, 464 lines · Markdown: 1 file, 142 lines
├─ 🐍 chat_client.py Python 147L · 4.8 KB
├─ 🐍 client_common.py Python 180L · 5.2 KB
├─ 🐍 login_client.py Python 85L · 2.6 KB
├─ 🐍 send_code_client.py Python 52L · 1.5 KB
└─ 📝 SKILL.md Markdown 142L · 4.8 KB

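Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| Python Standard Library | N/A | stdlib | | Uses only built-in modules: urllib, json, html, argparse, os, sys, socket |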

Security highlights

✓ Uses only Python standard library (urllib, json, html, argparse) - no external dependencies
✓ HTML escaping via html.escape() prevents XSS in text_to_html_payload()
✓ SKILL.md section 6 documents security constraints (script/style/iframe tag blocking)
✓ Bearer token authentication is standard practice for API security
✓ Session management writes only user_id/session_id, not sensitive credentials
✓ Proper error handling with standardized error responses
✓ Timeout configuration prevents indefinite hangs
✓ Input validation through argparse for all CLI parameters