Low Risk — Risk Score 15/100
Last scan: 20 hr ago
ifly-pdf&image-ocr
AI-powered OCR service for images and PDF documents using iFlytek's advanced recognition APIs
Legitimate OCR skill using iFlytek APIs with no malicious behavior; minor issue of unpinned dependencies.
Skill Name: ifly-pdf&image-ocr
Duration: 157.4s
Engine: pi
Safe to install
No immediate action required. Consider pinning the requests library version in a requirements.txt for reproducibility.

Findings 2 items

Severity: Low
Finding: Unpinned dependency (Supply Chain)
Location: scripts/image_ocr.py:17
The requests library is imported but not pinned to a specific version. No requirements.txt or dependency manifest exists.
Evidence: import requests
→ Add a requirements.txt with 'requests>=2.28.0' or similar to ensure reproducible builds

Severity: Low
Finding: Missing _meta.json (Doc Mismatch)
Location: SKILL.md:1
No _meta.json metadata file found for the skill.
Evidence: N/A
→ Add _meta.json with skill metadata for tracking purposes

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Scripts read image/PDF files specified by user |
| Network | READ | READ | ✓ Aligned | Makes API calls to cbm01.cn-huabei-1.xf-yun.com and iocr.xfyun.cn |
| Shell | NONE | NONE | | No subprocess or shell execution found |
| Environment | READ | READ | ✓ Aligned | Reads IFLY_APP_ID, IFLY_API_KEY, IFLY_API_SECRET for API authentication |

6 findings

Medium · External URL · https://console.xfyun.cn/ · SKILL.md:46
Medium · External URL · http://bjcdn.openstorage.cn/... · SKILL.md:185
Medium · External URL · https://console.xfyun.cn/services/se75ocrbm · SKILL.md:235
Medium · External URL · https://console.xfyun.cn/sale/buy?wareId=9166&packageId=9166001&serviceName=%E9%80%9A%E7%94%A8%E6%96%87%E6%A1%A3%E8%AF%8... · SKILL.md:236
Medium · External URL · https://cbm01.cn-huabei-1.xf-yun.com/v1/private/se75ocrbm · scripts/image_ocr.py:25
Medium · External URL · https://iocr.xfyun.cn/ocrzdq/v1/pdfOcr · scripts/pdf_ocr.py:24

File Tree

3 files · 27.8 KB · 872 lines
Python 2f · 598L Markdown 1f · 274L
├─ 📁 scripts
│ ├─ 🐍 image_ocr.py Python 260L · 7.9 KB
│ └─ 🐍 pdf_ocr.py Python 338L · 10.0 KB
└─ 📝 SKILL.md Markdown 274L · 9.8 KB

Dependencies 1 item

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Version not pinned, no requirements.txt |

Security Positives

✓ All network requests go to legitimate iFlytek API endpoints (xf-yun.com and xfyun.cn domains)
✓ API credentials are used only for authentication, not exfiltrated
✓ HMAC-SHA256 and HMAC-SHA1 signatures are standard cryptographic practices
✓ No shell execution, subprocess, or command injection vectors found
✓ No base64 obfuscation or dynamic code execution (eval/exec)
✓ File access is limited to user-specified image/PDF paths only
✓ Documentation accurately describes all functionality and API behavior
✓ No hidden functionality or undocumented behavior detected