扫描报告
5 /100
kuaishou-genius-actual
API testing tool for Kuaishou Genius budget/actual data flow
This is a legitimate internal Kuaishou API testing/analysis tool with no malicious behavior detected. All functionality is clearly documented and implemented as stated.
可以安装
This skill is safe to use. Ensure users provide only their own session cookies and avoid sharing credentials across untrusted environments.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | genius_client.py:50 urllib.request.urlopen |
| 命令执行 | WRITE | WRITE | ✓ 一致 | genius_api_probe.sh:25 curl commands |
2 项发现
中危 外部 URL 外部 URL
https://genius.corp.kuaishou.com SKILL.md:24 中危 外部 URL 外部 URL
https://genius.corp.kuaishou.com/management-yearly/actual SKILL.md:102 目录结构
6 文件 · 15.4 KB · 423 行 Python 1f · 211L
Markdown 1f · 156L
Shell 1f · 53L
JSON 3f · 3L
├─
▾
scripts
│ ├─
detail_2026_group.json
JSON
│ ├─
detail.json
JSON
│ ├─
genius_api_probe.sh
Shell
│ ├─
genius_client.py
Python
│ └─
products.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No obfuscation or encoded payloads detected
✓ No credential harvesting from environment variables
✓ No data exfiltration or C2 communication
✓ No subprocess/eval/exec patterns found
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ All network requests target documented internal Kuaishou domain only
✓ Code is clean, readable Python and shell with no hidden functionality
✓ No supply chain risks - uses only stdlib urllib and standard curl
✓ Documentation accurately describes all implemented functionality