Scan Report
0 /100
web-fetcher
Smart web content fetcher for articles and videos from WeChat, Feishu, Bilibili, Zhihu, Toutiao, YouTube, etc.
A legitimate web content fetcher skill that fetches articles and downloads videos from major platforms using documented tools like scrapling, yt-dlp, and camoufox.
Safe to install
No action required. The skill is safe for use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:17 - writes output files and images |
| Network | READ | READ | ✓ Aligned | SKILL.md:1 - fetches URLs from user input |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:9-13 - subprocess calls to scrapling/yt-dlp are documented |
| Browser | READ | READ | ✓ Aligned | SKILL.md:12 - camoufox browser automation documented |
15 findings
Medium External URL 外部 URL
https://mp.weixin.qq.com/s/xxx README.md:39 Medium External URL 外部 URL
https://b23.tv/xxx README.md:42 Medium External URL 外部 URL
https://xxx.feishu.cn/wiki/xxx README.md:45 Medium External URL 外部 URL
https://mp.weixin.qq.com/ SKILL.md:78 Medium External URL 外部 URL
https://mmbiz\.qpic\.cn[^ lib/article.py:200 Medium External URL 外部 URL
https://www.toutiao.com/ lib/article.py:237 Medium External URL 外部 URL
http://www.apache.org/licenses/LICENSE-2.0 lib/readability.js:8 Medium External URL 外部 URL
http://code.google.com/p/arc90labs-readability lib/readability.js:19 Medium External URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType lib/readability.js:103 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Comma#Comma_variants lib/readability.js:145 Medium External URL 外部 URL
https://schema.org/Article lib/readability.js:147 Medium External URL 外部 URL
http://mobile.slate.com lib/readability.js:992 Medium External URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/Content_categories#Phrasing_content lib/readability.js:1708 Medium External URL 外部 URL
https://searchfox.org/mozilla-central/rev/f82d5c549f046cb64ce5602bfd894b7ae807c8f8/accessible/generic/TableAccessible.cp... lib/readability.js:1924 Medium External URL 外部 URL
https://mmbiz.qpic.cn/... references/platforms.md:10 File Tree
12 files · 120.0 KB · 3427 lines JavaScript 1f · 2314L
Python 7f · 715L
Markdown 4f · 398L
├─
▾
lib
│ ├─
__init__.py
Python
│ ├─
article.py
Python
│ ├─
feishu.py
Python
│ ├─
readability.js
JavaScript
│ ├─
router.py
Python
│ ├─
utils.py
Python
│ └─
video.py
Python
├─
▾
references
│ ├─
extending.md
Markdown
│ └─
platforms.md
Markdown
├─
fetcher.py
Python
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
scrapling | * | pip | No | Version not pinned but standard scraping library |
yt-dlp | * | pip | No | Version not pinned but standard video downloader |
camoufox | * | pip | No | Version not pinned but legitimate anti-detection browser |
html2text | * | pip | No | Version not pinned but standard HTML-to-Markdown converter |
Security Positives
✓ All shell operations (scrapling, yt-dlp) are explicitly declared in SKILL.md with clear purpose
✓ Browser cookie access is documented and only used for legitimate platform authentication (Feishu, Bilibili)
✓ No credential exfiltration - browser cookies used only for authenticated fetches to download content locally
✓ Dependencies are standard, well-known web scraping tools with no typosquatting indicators
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)
✓ Readability.js injection uses a known-good library file, not dynamic code
✓ No base64-encoded commands, no reverse shells, no C2 communication
✓ Temp directory usage is standard for temporary file handling
✓ Image download includes proper Referer headers for platform-specific requirements