扫描报告
5 /100
vn-stock-scanner
Vietnamese stock market analysis skill for VN-Index, HoSE, HNX, UPCoM - fetches financial news and ticker data
Legitimate Vietnamese stock market data scanner that fetches public financial information from CafeF and TCBS public APIs without any malicious behavior.
可以安装
No action required. The skill performs as documented, accessing only public financial data sources.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Hardcoded home directory path in documentation 文档欺骗 | SKILL.md:10 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | scripts/scanner.py:11,39 - fetches public RSS/API data |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:10 - executes scanner.py via exec tool |
| 文件系统 | NONE | NONE | — | No file read/write operations in scanner.py |
| 环境变量 | NONE | NONE | — | No environment variable access in scanner.py |
2 项发现
中危 外部 URL 外部 URL
https://cafef.vn/tin-tuc-su-kien.rss scripts/scanner.py:11 中危 外部 URL 外部 URL
https://apipubaws.tcbs.com.vn/tcanalysis/v1/ticker/ scripts/scanner.py:39 目录结构
2 文件 · 5.3 KB · 103 行 Python 1f · 78L
Markdown 1f · 25L
├─
▾
scripts
│ └─
scanner.py
Python
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
requests | * | pip | 否 | Standard library, version not pinned but no known vulnerabilities in this usage |
urllib3 | * | pip (requests dep) | 否 | Standard dependency |
安全亮点
✓ Uses only legitimate, well-known Vietnamese financial data sources (CafeF, TCBS)
✓ No credential theft or sensitive data access
✓ No data exfiltration to external servers beyond declared APIs
✓ No obfuscation, base64 encoding, or suspicious code patterns
✓ No network requests to suspicious IPs or domains
✓ No supply chain risks - uses only standard libraries (requests, json, xml.etree)
✓ Functionality matches documentation - fetches stock ticker info and news as declared
✓ No persistence mechanisms or backdoors installed
✓ Requests library properly configured with timeouts and user-agent