扫描报告
5 /100
ifly-text-proofread
iFlytek Official Document Proofreading - detect and correct errors in Chinese text including typos, punctuation, word order, factual mistakes, sensitive content, and more
Legitimate iFlytek document proofreading skill using standard HTTP API calls with HMAC-SHA256 authentication. No malicious behavior detected; all capabilities are properly declared.
可以安装
This skill is safe to use. Ensure environment variables (IFLY_APP_ID, IFLY_API_KEY, IFLY_API_SECRET) are properly secured and not logged.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | text_proofread.py:232 -- reads files with --file flag |
| 网络访问 | READ | READ | ✓ 一致 | text_proofread.py:173 -- HTTP POST to iFlytek API |
| 环境变量 | READ | READ | ✓ 一致 | text_proofread.py:212-214 -- reads IFLY_* credentials |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 剪贴板 | READ | READ | ✓ 一致 | SKILL.md:38 -- supports pipe from stdin |
5 项发现
中危 外部 URL 外部 URL
https://console.xfyun.cn SKILL.md:18 中危 外部 URL 外部 URL
https://cn-huadong-1.xf-yun.com/v1/private/s37b42a45 SKILL.md:85 中危 外部 URL 外部 URL
https://console.xfyun.cn/services/s37b42a45 SKILL.md:139 中危 外部 URL 外部 URL
https://www.xfyun.cn/services/textCorrectionOfficial?target=price SKILL.md:185 中危 外部 URL 外部 URL
https://www.xfyun.cn/services/textCorrectionOfficial SKILL.md:199 目录结构
2 文件 · 17.6 KB · 503 行 Python 1f · 298L
Markdown 1f · 205L
├─
▾
scripts
│ └─
text_proofread.py
Python
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
stdlib-only | N/A | Python standard library | 否 | No pip dependencies - uses only urllib, hmac, hashlib, json, base64, datetime |
安全亮点
✓ Uses only Python standard library (urllib, hmac, hashlib, json) - no external pip dependencies
✓ All external communications go to declared iFlytek API endpoints only
✓ Credentials read only from environment variables for authentication, not exfiltrated
✓ Code is clean, readable, and follows clear structure
✓ No obfuscation, no base64 execution, no shell commands
✓ File access is limited to reading (--file flag) for proofreading input
✓ Text truncation at 220,000 chars prevents DoS via oversized input
✓ Proper error handling with informative error messages