中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:1 天前 重新扫描
0 /100
tianpuyue_music
使用天谱乐 AI 生成纯音乐、歌曲(含人声演唱)或歌词,将结果保存到本地
Legitimate music generation skill that properly declares all capabilities, uses standard Python libraries for API communication, and stores outputs only in designated directories.
技能名称tianpuyue_music
分析耗时31.3s
引擎pi
可以安装
No action required. The skill follows security best practices with clear documentation, pinned Python version (>=3.14), and proper credential handling.
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 SKILL.md declares OUTPUT_ROOT env var; scripts write to outputs/tianpuyue/{music…
网络访问 READ READ ✓ 一致 SKILL.md declares TIANPUYUE_API_KEY; API calls only to https://api.tianpuyue.cn
命令执行 WRITE WRITE ✓ 一致 SKILL.md metadata.requires.bins declares 'uv'; uv run is documented in SKILL.md …
环境变量 READ READ ✓ 一致 scripts/common.py reads TIANPUYUE_API_KEY and OUTPUT_ROOT; declared in SKILL.md …
2 项发现
🔗
中危 外部 URL 外部 URL
https://www.tempolor.com/create/song
references/voice_id_map.md:3
🔗
中危 外部 URL 外部 URL
https://api.tianpuyue.cn
scripts/common.py:45

目录结构

10 文件 · 28.6 KB · 835 行
Python 7f · 690L Markdown 2f · 141L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 366 B
├─ 📁 references
│ └─ 📝 voice_id_map.md Markdown 35L · 2.8 KB
├─ 📁 scripts
│ ├─ 🐍 common.py Python 322L · 10.4 KB
│ ├─ 🐍 generate_lyrics.py Python 89L · 2.6 KB
│ ├─ 🐍 generate_music.py Python 91L · 2.7 KB
│ ├─ 🐍 generate_song.py Python 98L · 3.1 KB
│ ├─ 🐍 query_lyrics_status.py Python 30L · 735 B
│ ├─ 🐍 query_music_status.py Python 30L · 742 B
│ └─ 🐍 query_song_status.py Python 30L · 731 B
└─ 📝 SKILL.md Markdown 106L · 4.6 KB

依赖分析 1 项

包名版本来源已知漏洞备注
Python Standard Library >=3.14 stdlib urllib, json, pathlib, argparse, logging - all standard library

安全亮点

✓ No obfuscation techniques detected - pure readable Python code
✓ No credential exfiltration - API key used only for Authorization header to legitimate endpoint
✓ No arbitrary code execution - uses uv run with documented scripts only
✓ No sensitive path access - outputs restricted to designated OUTPUT_ROOT subdirectory
✓ No base64 or encoded execution patterns
✓ Python version pinned to >=3.14 via PEP 723 inline script directive
✓ All functionality documented in SKILL.md with exact command examples
✓ Uses standard library (urllib) - no external dependencies with vulnerabilities
✓ Logging only to local files in OUTPUT_ROOT/outputs/logs - no external telemetry