扫描报告
0 /100
quark-auto-save
Manage quark-auto-save (QAS) tasks via API — add, search, run, and delete Quark cloud drive auto-save tasks
This is a legitimate Quark cloud drive auto-save API client with no malicious behavior detected. It simply wraps HTTP GET/POST calls to a user-provided QAS server.
可以安装
No action needed. This skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | scripts/qas_client.py:186 reads task.json via open() |
| 网络访问 | NONE | READ | ✓ 一致 | scripts/qas_client.py:53-89 uses urllib to call user-provided QAS_BASE_URL |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution in the codebase |
5 项发现
中危 外部 URL 外部 URL
https://pan.quark.cn/s/*** SKILL.md:22 中危 外部 URL 外部 URL
http://192.168.1.x:5005 SKILL.md:31 中危 外部 URL 外部 URL
https://pan.quark.cn/s/xxx#/list/share/fid SKILL.md:109 中危 外部 URL 外部 URL
https://pan.quark.cn/s/ SKILL.md:146 中危 外部 URL 外部 URL
https://pan.quark.cn/s/xxx SKILL.md:199 目录结构
2 文件 · 19.7 KB · 613 行 Markdown 1f · 326L
Python 1f · 287L
├─
▾
scripts
│ └─
qas_client.py
Python
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
stdlib | built-in | Python 3 standard library | 否 | Uses only os, sys, json, urllib, argparse — no external dependencies |
安全亮点
✓ No subprocess or shell command execution — uses Python urllib only
✓ No credential exfiltration — QAS_TOKEN stays on-device and is sent only to user-provided QAS_BASE_URL
✓ No sensitive file access — only reads task.json from user-provided path
✓ No obfuscation — all code is plain Python, no base64, eval, or dynamic execution
✓ No suspicious dependencies — only uses Python standard library (os, sys, json, urllib)
✓ Documentation is clear and accurate about all behaviors
✓ Token is transmitted via query parameters as documented, not hidden in request bodies