中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
wemp-ops
微信公众号全流程运营技能:选题→采集→写作→排版→发布→数据分析→评论管理
Legitimate WeChat Official Account content management skill with no malicious behavior detected. The pre-scan flag for hardcoded IP is a false positive — 120.0.0.0 is a Chrome version number in the User-Agent string, not an IP address.
Skill Namewemp-ops
Duration55.1s
Enginepi
Safe to install
Skill is safe to use. Optionally move WeChat credentials from config/default.json to environment variables for easier credential rotation.
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned SKILL.md documents node/publisher.mjs, python3/markdown_to_html.py, node/setup.m…
Network READ READ ✓ Aligned All network requests are to legitimate services: api.weixin.qq.com (WeChat API),…
Filesystem READ WRITE ✓ Aligned SKILL.md documents writing drafts (draft-v1.md), saving plans (illustration-plan…
Environment NONE NONE No os.environ iteration, no credential harvesting from environment
Skill Invoke NONE NONE Skill may reference xiaohongshu-ops for cross-platform distribution but this is …
Browser NONE READ ✓ Aligned SKILL.md documents browser screenshot for cover image (Method C) and product scr…
1 High 43 findings
📡
High IP Address 硬编码 IP 地址
120.0.0.0
scripts/fetch_news.py:11
🔗
Medium External URL 外部 URL
https://simonwillison.net/2025/...
references/weixin-constraints.md:71
🔗
Medium External URL 外部 URL
https://docs.anthropic.com/en/docs/...
references/weixin-constraints.md:72
🔗
Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing
references/writing-techniques.md:161
🔗
Medium External URL 外部 URL
https://hacker-news.firebaseio.com/v0/topstories.json
scripts/fetch_news.py:51
🔗
Medium External URL 外部 URL
https://hacker-news.firebaseio.com/v0/item/
scripts/fetch_news.py:55
🔗
Medium External URL 外部 URL
https://news.ycombinator.com/item?id=
scripts/fetch_news.py:57
🔗
Medium External URL 外部 URL
https://www.v2ex.com/api/topics/hot.json
scripts/fetch_news.py:70
🔗
Medium External URL 外部 URL
https://s.weibo.com/top/summary?cate=realtimehot
scripts/fetch_news.py:76
🔗
Medium External URL 外部 URL
https://s.weibo.com/top/summary
scripts/fetch_news.py:76
🔗
Medium External URL 外部 URL
https://s.weibo.com
scripts/fetch_news.py:82
🔗
Medium External URL 外部 URL
https://www.zhihu.com/api/v3/feed/topstory/hot-list-web?limit=50&desktop=true
scripts/fetch_news.py:86
🔗
Medium External URL 外部 URL
https://gateway.36kr.com/api/mis/nav/newsflash/flow
scripts/fetch_news.py:95
🔗
Medium External URL 外部 URL
https://36kr.com/newsflashes/
scripts/fetch_news.py:100
🔗
Medium External URL 外部 URL
https://top.baidu.com/board?tab=realtime
scripts/fetch_news.py:104
🔗
Medium External URL 外部 URL
https://www.baidu.com/s?wd=
scripts/fetch_news.py:108
🔗
Medium External URL 外部 URL
https://api.juejin.cn/recommend_api/v1/article/recommend_all_feed
scripts/fetch_news.py:112
🔗
Medium External URL 外部 URL
https://juejin.cn/post/
scripts/fetch_news.py:118
🔗
Medium External URL 外部 URL
https://sspai.com/api/v1/article/index/page/get?limit=20&offset=0&created_at=0
scripts/fetch_news.py:122
🔗
Medium External URL 外部 URL
https://sspai.com/post/
scripts/fetch_news.py:124
🔗
Medium External URL 外部 URL
https://www.ithome.com/
scripts/fetch_news.py:128
🔗
Medium External URL 外部 URL
https://www\.ithome\.com/\d+/\d+/\d+/\d+\.htm
scripts/fetch_news.py:131
🔗
Medium External URL 外部 URL
https://www.producthunt.com/
scripts/fetch_news.py:136
🔗
Medium External URL 外部 URL
https://www.producthunt.com/posts/
scripts/fetch_news.py:140
🔗
Medium External URL 外部 URL
https://api.bilibili.com/x/web-interface/ranking/v2?rid=0&type=all
scripts/fetch_news.py:144
🔗
Medium External URL 外部 URL
https://www.bilibili.com/video/
scripts/fetch_news.py:146
🔗
Medium External URL 外部 URL
https://www.douyin.com/aweme/v1/web/hot/search/list/
scripts/fetch_news.py:150
🔗
Medium External URL 外部 URL
https://www.douyin.com/
scripts/fetch_news.py:150
🔗
Medium External URL 外部 URL
https://www.douyin.com/search/
scripts/fetch_news.py:154
🔗
Medium External URL 外部 URL
https://www.toutiao.com/hot-event/hot-board/?origin=toutiao_pc
scripts/fetch_news.py:158
🔗
Medium External URL 外部 URL
https://r.inews.qq.com/gw/event/hot_ranking_list?page_size=50
scripts/fetch_news.py:164
🔗
Medium External URL 外部 URL
https://cache.thepaper.cn/contentapi/wwwIndex/rightSidebar
scripts/fetch_news.py:170
🔗
Medium External URL 外部 URL
https://www.thepaper.cn/newsDetail_forward_
scripts/fetch_news.py:172
🔗
Medium External URL 外部 URL
https://bbs.hupu.com/all-gambia
scripts/fetch_news.py:176
🔗
Medium External URL 外部 URL
https://bbs.hupu.com
scripts/fetch_news.py:180
🔗
Medium External URL 外部 URL
https://api-one-wscn.awtmt.com/apiv1/content/lives?channel=global-channel&limit=30
scripts/fetch_news.py:184
🔗
Medium External URL 外部 URL
https://wallstreetcn.com/live/
scripts/fetch_news.py:186
🔗
Medium External URL 外部 URL
https://www.cls.cn/nodeapi/updateTelegraphList?app=CailianpressWeb&os=web&rn=
scripts/fetch_news.py:190
🔗
Medium External URL 外部 URL
https://www.cls.cn/detail/
scripts/fetch_news.py:195
🔗
Medium External URL 外部 URL
https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=$
scripts/lib/utils.mjs:105
🔗
Medium External URL 外部 URL
https://api.weixin.qq.com$
scripts/lib/utils.mjs:116
🔗
Medium External URL 外部 URL
https://mp.weixin.qq.com/cgi-bin/showqrcode?ticket=$
scripts/lib/utils.mjs:389
🔗
Medium External URL 外部 URL
https://www.python.org/downloads/
scripts/setup.mjs:30

File Tree

28 files · 170.4 KB · 4313 lines
Markdown 13f · 2521L JavaScript 8f · 1111L Python 2f · 534L JSON 5f · 147L
├─ 📁 assets
│ └─ 📁 templates
│ ├─ 📋 business.json JSON 27L · 2.1 KB
│ ├─ 📋 minimal.json JSON 27L · 1.9 KB
│ └─ 📋 tech.json JSON 27L · 2.1 KB
├─ 📁 config
│ └─ 📋 default.json JSON 25L · 527 B
├─ 📁 evals
│ ├─ 📁 results
│ │ ├─ 📝 article-with-skill.md Markdown 34L · 1.8 KB
│ │ └─ 📝 article-without-skill.md Markdown 28L · 1.3 KB
│ └─ 📋 evals.json JSON 41L · 2.0 KB
├─ 📁 references
│ ├─ 📝 article-templates.md Markdown 131L · 3.2 KB
│ ├─ 📝 cover-image-guide.md Markdown 282L · 9.8 KB
│ ├─ 📝 illustration-prompts.md Markdown 692L · 25.3 KB
│ ├─ 📝 infographic-layouts.md Markdown 192L · 6.7 KB
│ ├─ 📝 style-guide.md Markdown 96L · 4.1 KB
│ ├─ 📝 weixin-constraints.md Markdown 92L · 2.6 KB
│ ├─ 📝 writing-sop.md Markdown 106L · 4.3 KB
│ └─ 📝 writing-techniques.md Markdown 381L · 17.6 KB
├─ 📁 scripts
│ ├─ 📁 lib
│ │ └─ 📜 utils.mjs JavaScript 415L · 16.8 KB
│ ├─ 📜 check_comments.mjs JavaScript 88L · 2.7 KB
│ ├─ 📜 daily_report.mjs JavaScript 103L · 4.3 KB
│ ├─ 🐍 fetch_news.py Python 253L · 12.4 KB
│ ├─ 🐍 markdown_to_html.py Python 281L · 11.2 KB
│ ├─ 📜 publisher.mjs JavaScript 194L · 6.3 KB
│ ├─ 📜 reply_comment.mjs JavaScript 53L · 1.6 KB
│ ├─ 📜 setup.mjs JavaScript 45L · 1.6 KB
│ ├─ 📜 smart_collect.mjs JavaScript 92L · 3.6 KB
│ └─ 📜 weekly_report.mjs JavaScript 121L · 4.8 KB
├─ 📝 persona.md Markdown 36L · 1.3 KB
├─ 📝 README.md Markdown 59L · 1.5 KB
└─ 📝 SKILL.md Markdown 392L · 16.9 KB

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
fetch_news.py stdlib only python3 stdlib No Uses only urllib, json, re, argparse — no pip dependencies
markdown_to_html.py stdlib only python3 stdlib No Uses only html, re, json, pathlib, subprocess — no pip dependencies

Security Positives

✓ Pure stdlib Python implementation — no third-party dependencies in fetch_news.py (no supply chain risk)
✓ All subprocess/shell execution is explicitly documented in SKILL.md with exact commands
✓ No base64 encoding, no obfuscation, no eval() patterns
✓ No credential exfiltration — WeChat appId/appSecret only used for internal api.weixin.qq.com API calls
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No reverse shell, C2, or data exfiltration patterns
✓ No hidden instructions in HTML comments or documentation
✓ WeChat API integration follows standard OAuth2 client_credential flow
✓ Credentials scoped to WeChat Official Account management only