Trusted: risk score 0/100
Last scanned: 18 hours ago
group-director
Creates short videos from claw-prepared prompts for Feishu/Lark group chat scenarios using the SenseAudio video API
This is a straightforward video generation skill that calls the SenseAudio API via standard Python HTTP requests. No malicious behavior, obfuscation, credential theft, or hidden functionality detected. The single external URL is a legitimate API endpoint, and the API key usage is scoped to authentication only.
Skill name: group-director
Analysis time: 35.7s
Engine: pi
Safe to install
No action needed. The skill is safe to use. Consider pinning the requests library version in a requirements.txt for supply-chain hygiene.
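| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | | No file operations found in scripts/main.py or scripts/video_api.py |
| Network access | READ | READ | ✓ Consistent | scripts/video_api.py:65-72, 79-86 — requests.post/get to senseaudio.cn API only |
| Command execution | NONE | NONE | | No subprocess, os.system, or shell invocation found |
| Environment variables | NONE | READ | ✓ Consistent | scripts/video_api.py:37-38 — reads SENSEAUDIO_API_KEY and SENSEAUDIO_BASE_URL; n… |
| Skill invocation | NONE | NONE | | No cross-skill invocation |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |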
1 finding
Medium severity: External URL
https://api.senseaudio.cn
SKILL.md:125

Directory structure

6 files · 12.1 KB · 388 lines
Markdown 3f · 197L Python 2f · 188L YAML 1f · 3L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 3L · 165 B
├─ 📁 references
│ ├─ 📝 integration_cn.md Markdown 49L · 1.1 KB
│ └─ 📝 provider_notes.md Markdown 15L · 431 B
├─ 📁 scripts
│ ├─ 🐍 main.py Python 67L · 2.0 KB
│ └─ 🐍 video_api.py Python 121L · 4.5 KB
└─ 📝 SKILL.md Markdown 133L · 4.0 KB

Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| requests | * | pip | | Version not pinned — no requirements.txt found; consider adding one for reproducible builds |

Security highlights

✓ No subprocess, shell execution, or os.system calls — all HTTP done via the requests library
✓ No obfuscation: no base64, no eval, no atob patterns
✓ No credential exfiltration — SENSEAUDIO_API_KEY is used only for Bearer token auth with the video API
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No persistence mechanisms (no cron, no startup hooks, no backdoors)
✓ No reverse shell, no C2 communication, no data theft
✓ Clean two-step pattern (create then poll) fully documented in SKILL.md and code
✓ Input validation present — empty prompt and task_id checks with clear error messages
✓ Timeout enforced on API calls (60s create, 30s status) and overall polling (600s)
✓ Hardcoded sensible defaults prevent parameter confusion