Scan Report
5 /100
daily-medium
Fetch and summarize Medium Daily Digest emails from Gmail
Legitimate Gmail-based Medium digest fetcher with no malicious behavior detected. All functionality is accurately documented in SKILL.md.
Safe to install
This skill is safe to use. Ensure Gmail App Passwords are stored securely and not committed to version control.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | IMAP4_SSL connection to imap.gmail.com |
| Environment | READ | READ | ✓ Aligned | os.environ.get('EMAIL_ADDRESS'), os.environ.get('EMAIL_PASSWORD') |
| Filesystem | NONE | NONE | — | N/A - No file operations |
| Shell | NONE | NONE | — | N/A - No subprocess or shell commands |
4 findings
Medium External URL 外部 URL
https://medium.com/@username/article-slug SKILL.md:64 Medium External URL 外部 URL
https://freedium-mirror.cfd/https://medium.com/@username/article-slug SKILL.md:65 Medium External URL 外部 URL
https://freedium-mirror.cfd/ scripts/fetch_medium.py:137 Info Email 邮箱地址
[email protected] SKILL.md:17 File Tree
2 files · 7.8 KB · 253 lines Python 1f · 160L
Markdown 1f · 93L
├─
▾
scripts
│ └─
fetch_medium.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library (imaplib, email, re, os) - no supply chain risk
✓ IMAP connection uses SSL (IMAP4_SSL) for secure transport
✓ Code functionality fully matches SKILL.md documentation
✓ Credentials read from environment variables (appropriate pattern)
✓ No credential exfiltration - credentials used only for Gmail authentication
✓ No obfuscation, base64 payloads, or suspicious encoding
✓ No file system access beyond what Python imports require
✓ No external script downloads or shell command execution
✓ Regex-based URL extraction is appropriate for the stated purpose