Scan Report
Score: 5 / 100
GitLab Daily Report Skill
AI assistant for GitLab project data analysis and Feishu report generation
The GitLab Daily Report skill is a legitimate reporting tool that fetches GitLab data and sends formatted reports to Feishu. No malicious behavior detected.
Safe to install
This skill is safe to use. Standard security hygiene: ensure config.json is protected, use minimal-privilege GitLab tokens, and restrict Feishu webhook access.
Security findings (1)
| Severity | Finding | Location |
|---|---|---|
| Low | SSL certificate verification disabled (sensitive access) | scripts/gitlab_report.py:19 |
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | SKILL.md declares config.json reading |
| Network access | WRITE | WRITE | ✓ Consistent | GitLab API reads and Feishu webhook writes are documented |
| Command execution | READ | READ | ✓ Consistent | Runs python scripts for data fetching |
| Environment variables | NONE | READ | ✓ Consistent | Reads gitlab_token from config.json, not os.environ |
External URL findings (3)
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://gitlab.yourcompany.com | references/README.md:29 |
| Medium | External URL | https://your-server.com/webhook | references/README.md:114 |
| Medium | External URL | https://open.feishu.cn/open-apis/bot/v2/hook/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | scripts/config.example.json:11 |
Directory structure
5 files · 41.3 KB · 1116 lines (Python: 2 files, 729 lines; Markdown: 2 files, 372 lines; JSON: 1 file, 15 lines)
├─ references/
│  └─ README.md (Markdown)
├─ scripts/
│  ├─ config.example.json (JSON)
│  ├─ example.py (Python)
│  └─ gitlab_report.py (Python)
└─ SKILL.md (Markdown)
Security highlights
✓ No credential harvesting beyond GitLab API token required for functionality
✓ No data exfiltration - only sends report data to configured Feishu webhook
✓ No obfuscation or base64-encoded payloads detected
✓ No suspicious network connections to unknown IPs
✓ Documentation accurately describes all functionality
✓ Uses only Python standard library (no external dependencies with vulnerabilities)
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env reading)
✓ Proper two-step confirmation flow prevents accidental data push
✓ ThreadPoolExecutor used for legitimate concurrent API requests