扫描报告
0 /100
xhs-note-gen
小红书笔记生成服务,通过外部 API 生成小红书笔记内容
A straightforward XiaoHongShu note generation script that makes HTTP POST requests to an external API, with no malicious behavior, credential access, or hidden functionality.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in scripts/xhs_note_gen.py |
| 网络访问 | NONE | READ | ✓ 一致 | SKILL.md describes external API usage but does not formally declare network:READ… |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 环境变量 | NONE | NONE | — | No os.environ access in script |
| 技能调用 | NONE | NONE | — | No skill invocation detected |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
1 项发现
中危 外部 URL 外部 URL
https://xiaonian.cc/employee-console/dashboard/v2/api SKILL.md:13 目录结构
3 文件 · 6.5 KB · 209 行 Python 1f · 112L
Markdown 2f · 97L
├─
▾
references
│ └─
content-marketing-dashboard-api.md
Markdown
├─
▾
scripts
│ └─
xhs_note_gen.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ No subprocess or shell execution — uses only stdlib urllib.request
✓ No credential harvesting or environment variable enumeration
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env, etc.)
✓ No obfuscation (no base64, no eval, no encoded payloads)
✓ No data exfiltration — only sends task parameters to the declared API
✓ No supply chain risk — no external dependencies (stdlib only)
✓ Output is scoped and controlled — returns only generated note content
✓ Documentation is accurate; behavior matches declared intent