Low risk: risk score 20/100
Last scan: 2 days ago
company-information
Enterprise sentiment monitoring and risk early warning skill
Legitimate enterprise sentiment monitoring skill with minor concerns about hardcoded IP address and broad API endpoint documentation.
Skill name: company-information
Analysis time: 33.8s
Engine: pi
Can be installed
Consider using domain name instead of hardcoded IP for API endpoint. Verify FEEDAX API provider legitimacy before production use.

Security findings (2)

Medium: Hardcoded IP Address
API endpoint uses a hardcoded IP address (221.6.15.90:18011) instead of a domain name. This is unusual for commercial APIs and could indicate a non-reputable service.
Evidence: FEEDAX_BASE_URL = "http://221.6.15.90:18011"
→ Use a domain name for the API endpoint. Verify FEEDAX service legitimacy before deployment.
Location: scripts/query_company_information.py:33

Low: API Key Configuration Flexibility
Script accepts the API key from multiple sources (env var, config file, CLI arg), which slightly increases the attack surface.
Evidence: Multiple API key configuration methods
→ Document security guidelines for API key handling in production environments.
Location: scripts/query_company_information.py:340
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Network access | READ | READ | ✓ Consistent | requests.post() to FEEDAX API |
| Filesystem | WRITE | WRITE | ✓ Consistent | generate_csv() and generate_description() functions write CSV/MD files |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md documents CLI usage with python3 scripts/ |
| Environment variables | READ | READ | ✓ Consistent | os.environ.get('FEEDAX_API_KEY') - only reads provided API key |
| Skill invocation | NONE | NONE | | No skill invocation detected |
1 high-risk · 8 findings

| Severity | Type | Value | Location |
| --- | --- | --- | --- |
| High | Hardcoded IP address | 221.6.15.90 | README.md:225 |
| Medium | External URL | https://blog.gitee.com | README.en.md:32 |
| Medium | External URL | https://gitee.com/explore | README.en.md:33 |
| Medium | External URL | https://gitee.com/gvp | README.en.md:34 |
| Medium | External URL | https://gitee.com/help | README.en.md:35 |
| Medium | External URL | https://gitee.com/gitee-stars/ | README.en.md:36 |
| Medium | External URL | https://www.feedax.cn | README.md:21 |
| Medium | External URL | http://221.6.15.90:18011 | scripts/query_company_information.py:35 |

Directory structure

4 files · 43.2 KB · 1358 lines
Markdown: 3 files · 843 lines; Python: 1 file · 515 lines
├─ scripts
│ └─ query_company_information.py Python 515L · 19.8 KB
├─ README.en.md Markdown 36L · 963 B
├─ README.md Markdown 237L · 6.4 KB
└─ SKILL.md Markdown 570L · 16.1 KB

Dependency analysis (1)

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| requests | * | pip | | Version not pinned - consider pinning for reproducibility |

Security highlights

✓ Code is readable and matches documented functionality
✓ No credential exfiltration - API keys only used for authentication
✓ No reverse shell, C2, or data theft patterns detected
✓ Filesystem access limited to output directory (CSV/MD files)
✓ No hidden functionality or suspicious code patterns
✓ Uses standard requests library for HTTP calls
✓ Proper error handling with timeout and exception management