Scan Report
5 /100
kuaishou-genius-actual
API testing tool for Kuaishou Genius budget/actual data flow
This is a legitimate internal Kuaishou API testing/analysis tool with no malicious behavior detected. All functionality is clearly documented and implemented as stated.
Safe to install
This skill is safe to use. Ensure users provide only their own session cookies and avoid sharing credentials across untrusted environments.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | genius_client.py:50 urllib.request.urlopen |
| Shell | WRITE | WRITE | ✓ Aligned | genius_api_probe.sh:25 curl commands |
2 findings
Medium External URL 外部 URL
https://genius.corp.kuaishou.com SKILL.md:24 Medium External URL 外部 URL
https://genius.corp.kuaishou.com/management-yearly/actual SKILL.md:102 File Tree
6 files · 15.4 KB · 423 lines Python 1f · 211L
Markdown 1f · 156L
Shell 1f · 53L
JSON 3f · 3L
├─
▾
scripts
│ ├─
detail_2026_group.json
JSON
│ ├─
detail.json
JSON
│ ├─
genius_api_probe.sh
Shell
│ ├─
genius_client.py
Python
│ └─
products.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No obfuscation or encoded payloads detected
✓ No credential harvesting from environment variables
✓ No data exfiltration or C2 communication
✓ No subprocess/eval/exec patterns found
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ All network requests target documented internal Kuaishou domain only
✓ Code is clean, readable Python and shell with no hidden functionality
✓ No supply chain risks - uses only stdlib urllib and standard curl
✓ Documentation accurately describes all implemented functionality