Low Risk — Risk Score 20/100
Last scan: 20 hr ago
wechat-reader
Reads the content of a WeChat public account article and returns the title, account name, publication time and body text
A legitimate WeChat public account article scraping tool that uses only the Python standard library; no malicious behavior confirmed, but it contains a suspicious hardcoded IP address in the User-Agent, with no evidence of actual exfiltration.
Skill Name: wechat-reader
Duration: 37.7s
Engine: pi
Safe to install
Acceptable for use as a web scraping utility. The hardcoded IP address (120.0.0.0) should be removed from the User-Agent string to eliminate ambiguity.

Findings 2 items

Severity Finding Location
Medium
Suspicious hardcoded IP address in User-Agent Data Exfil
The User-Agent header contains a hardcoded IP address '120.0.0.0' which is in the private IP range (Class A). While the script only makes outgoing requests to user-supplied URLs, this IP address could serve as a tagging mechanism for requests (correlation tracking) or be replaced with a real IP for data exfiltration. No active exfiltration was observed in this analysis.
"User-Agent": "Mozilla/5.0 ... Chrome/120.0.0.0 Safari/537.36"
→ Replace the hardcoded IP in the Chrome version string with a legitimate version number (e.g., Chrome/120.0.0.0 is already a valid format). If the IP is intentional tagging infrastructure, document it or remove it entirely.
scripts/read_wechat.py:22
Low
Undeclared network capability Doc Mismatch
SKILL.md describes the tool's behavior but does not explicitly declare that the skill makes HTTP network requests. While this is implied by the mp.weixin.qq.com URL handling, explicit declaration of network:READ would improve transparency.
SKILL.md lacks any mention of network permissions
→ Add a capabilities section to SKILL.md declaring 'network:READ' for fetching WeChat articles.
SKILL.md:1
Resource Declared Inferred Status Evidence
Network NONE READ ✓ Aligned scripts/read_wechat.py:20-24 urllib.request.Request + urlopen
Filesystem NONE NONE No filesystem access detected
Shell NONE NONE No subprocess or shell invocation
1 High, 1 finding
High IP Address Hard-coded IP address
120.0.0.0
scripts/read_wechat.py:22

File Tree

2 files · 5.9 KB · 177 lines
Python 1f · 139L Markdown 1f · 38L
├─ 📁 scripts
│ └─ 🐍 read_wechat.py Python 139L · 4.6 KB
└─ 📝 SKILL.md Markdown 38L · 1.3 KB

Security Positives

✓ Uses only Python standard library (urllib.request, re, json, html) — no external dependencies
✓ No credential harvesting or environment variable access
✓ No subprocess or shell command execution
✓ No base64, eval, or obfuscation techniques
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ Request goes only to user-supplied mp.weixin.qq.com URLs
✓ No data exfiltration to external servers observed
✓ Functionality matches stated purpose in SKILL.md