Scan Report
5 /100
bangumi-explorer
Query Bangumi (bgm.tv) for anime, manga, light novels, games, and music. Search subjects, view details and episode lists, browse seasonal anime charts, rating rankings, and look up voice actors / staff.
A clean, straightforward Bangumi anime database query tool with zero third-party dependencies and fully declared behavior.
Safe to install
Approve for use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | bangumi.py:97-117 — urllib.request to api.bgm.tv only |
| Filesystem | WRITE | WRITE | ✓ Aligned | bangumi.py:67-72 — writes cache to ~/.bangumi/cache/ |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares exec/python to run bangumi.py |
2 findings
Medium External URL 外部 URL
https://api.bgm.tv/v0 SKILL.md:33 Medium External URL 外部 URL
https://api.bgm.tv/calendar bangumi.py:755 File Tree
2 files · 30.2 KB · 952 lines Python 1f · 861L
Markdown 1f · 91L
├─
bangumi.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
stdlib only | N/A | built-in | No | No third-party packages — uses only Python standard library |
Security Positives
✓ Zero third-party dependencies — uses only Python stdlib (argparse, json, os, sys, time, urllib, datetime, pathlib)
✓ No credential or environment variable access of any kind
✓ All network requests go exclusively to api.bgm.tv (legitimate Bangumi API)
✓ Cache directory limited to ~/.bangumi/cache/ — fully declared in SKILL.md
✓ Rate-limited to 0.5s between requests
✓ No obfuscation, base64, eval, or anti-analysis techniques
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No subprocess beyond the intended Python script invocation
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ Code is clear and auditable — 861 lines of straightforward Python