扫描报告
5 /100
daily-medium
Fetch and summarize Medium Daily Digest emails from Gmail
Legitimate Gmail-based Medium digest fetcher with no malicious behavior detected. All functionality is accurately documented in SKILL.md.
可以安装
This skill is safe to use. Ensure Gmail App Passwords are stored securely and not committed to version control.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | IMAP4_SSL connection to imap.gmail.com |
| 环境变量 | READ | READ | ✓ 一致 | os.environ.get('EMAIL_ADDRESS'), os.environ.get('EMAIL_PASSWORD') |
| 文件系统 | NONE | NONE | — | N/A - No file operations |
| 命令执行 | NONE | NONE | — | N/A - No subprocess or shell commands |
4 项发现
中危 外部 URL 外部 URL
https://medium.com/@username/article-slug SKILL.md:64 中危 外部 URL 外部 URL
https://freedium-mirror.cfd/https://medium.com/@username/article-slug SKILL.md:65 中危 外部 URL 外部 URL
https://freedium-mirror.cfd/ scripts/fetch_medium.py:137 提示 邮箱 邮箱地址
[email protected] SKILL.md:17 目录结构
2 文件 · 7.8 KB · 253 行 Python 1f · 160L
Markdown 1f · 93L
├─
▾
scripts
│ └─
fetch_medium.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ Uses only Python standard library (imaplib, email, re, os) - no supply chain risk
✓ IMAP connection uses SSL (IMAP4_SSL) for secure transport
✓ Code functionality fully matches SKILL.md documentation
✓ Credentials read from environment variables (appropriate pattern)
✓ No credential exfiltration - credentials used only for Gmail authentication
✓ No obfuscation, base64 payloads, or suspicious encoding
✓ No file system access beyond what Python imports require
✓ No external script downloads or shell command execution
✓ Regex-based URL extraction is appropriate for the stated purpose