扫描报告
5 /100
bangumi-explorer
Query Bangumi (bgm.tv) for anime, manga, light novels, games, and music. Search subjects, view details and episode lists, browse seasonal anime charts, rating rankings, and look up voice actors / staff.
A clean, straightforward Bangumi anime database query tool with zero third-party dependencies and fully declared behavior.
可以安装
Approve for use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | bangumi.py:97-117 — urllib.request to api.bgm.tv only |
| 文件系统 | WRITE | WRITE | ✓ 一致 | bangumi.py:67-72 — writes cache to ~/.bangumi/cache/ |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md declares exec/python to run bangumi.py |
2 项发现
中危 外部 URL 外部 URL
https://api.bgm.tv/v0 SKILL.md:33 中危 外部 URL 外部 URL
https://api.bgm.tv/calendar bangumi.py:755 目录结构
2 文件 · 30.2 KB · 952 行 Python 1f · 861L
Markdown 1f · 91L
├─
bangumi.py
Python
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
stdlib only | N/A | built-in | 否 | No third-party packages — uses only Python standard library |
安全亮点
✓ Zero third-party dependencies — uses only Python stdlib (argparse, json, os, sys, time, urllib, datetime, pathlib)
✓ No credential or environment variable access of any kind
✓ All network requests go exclusively to api.bgm.tv (legitimate Bangumi API)
✓ Cache directory limited to ~/.bangumi/cache/ — fully declared in SKILL.md
✓ Rate-limited to 0.5s between requests
✓ No obfuscation, base64, eval, or anti-analysis techniques
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No subprocess beyond the intended Python script invocation
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ Code is clear and auditable — 861 lines of straightforward Python