扫描报告
5 /100
interview-question-gen
Generate a structured Feishu interview question document from a candidate's resume, then append a comprehensive evaluation after receiving the interview transcript.
Pure documentation/macro skill with no executable code, no scripts, no dependencies, and no security-relevant behavior. All stated capabilities are appropriate for a Feishu-integrated interview workflow.
可以安装
This skill is safe to use. No security concerns identified. If deploying, ensure the referenced feishu_bot_doc.mjs script is reviewed separately.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md describes reading PDF resumes and rendering them with PyMuPDF |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md fetches a Feishu product framework wiki page before generating question… |
| 技能调用 | READ | READ | ✓ 一致 | SKILL.md instructs reading Feishu docs via feishu_doc read/append actions |
| 命令执行 | NONE | NONE | — | No shell usage in any file. Bash command in SKILL.md references an external scri… |
| 剪贴板 | NONE | READ | ✓ 一致 | SKILL.md accepts pasted interview transcripts as text blocks — implied minimal c… |
| 数据库 | NONE | NONE | — | No database access referenced or present |
| 环境变量 | NONE | NONE | — | No environment variable access in any file |
1 项发现
中危 外部 URL 外部 URL
https://wepie.feishu.cn/wiki/Q62TwQ3Fsi5Q8kkc0iDcINsSnno SKILL.md:28 目录结构
4 文件 · 11.5 KB · 270 行 Markdown 3f · 264L
JSON 1f · 6L
├─
▾
references
│ ├─
evaluation-template.md
Markdown
│ └─
question-template.md
Markdown
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No executable code present — skill is pure documentation and templates
✓ No dependencies (no requirements.txt, package.json, Cargo.toml, or similar)
✓ No credential harvesting, API key access, or environment variable enumeration
✓ No data exfiltration channels (no network POSTs, no external IP connections)
✓ No obfuscation techniques (no base64, no eval, no dynamic code generation)
✓ No suspicious IOCs (no hardcoded IPs, no DNS callbacks, no C2 indicators)
✓ All external URLs are legitimate Feishu endpoints appropriate to the workflow
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env, or similar paths)
✓ No supply chain risks (no third-party packages or scripts)
✓ Documentation accurately describes the intended workflow with no hidden functionality