扫描报告
0 /100
web-fetcher
Smart web content fetcher for articles and videos from WeChat, Feishu, Bilibili, Zhihu, Toutiao, YouTube, etc.
A legitimate web content fetcher skill that fetches articles and downloads videos from major platforms using documented tools like scrapling, yt-dlp, and camoufox.
可以安装
No action required. The skill is safe for use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md:17 - writes output files and images |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:1 - fetches URLs from user input |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:9-13 - subprocess calls to scrapling/yt-dlp are documented |
| 浏览器 | READ | READ | ✓ 一致 | SKILL.md:12 - camoufox browser automation documented |
15 项发现
中危 外部 URL 外部 URL
https://mp.weixin.qq.com/s/xxx README.md:39 中危 外部 URL 外部 URL
https://b23.tv/xxx README.md:42 中危 外部 URL 外部 URL
https://xxx.feishu.cn/wiki/xxx README.md:45 中危 外部 URL 外部 URL
https://mp.weixin.qq.com/ SKILL.md:78 中危 外部 URL 外部 URL
https://mmbiz\.qpic\.cn[^ lib/article.py:200 中危 外部 URL 外部 URL
https://www.toutiao.com/ lib/article.py:237 中危 外部 URL 外部 URL
http://www.apache.org/licenses/LICENSE-2.0 lib/readability.js:8 中危 外部 URL 外部 URL
http://code.google.com/p/arc90labs-readability lib/readability.js:19 中危 外部 URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType lib/readability.js:103 中危 外部 URL 外部 URL
https://en.wikipedia.org/wiki/Comma#Comma_variants lib/readability.js:145 中危 外部 URL 外部 URL
https://schema.org/Article lib/readability.js:147 中危 外部 URL 外部 URL
http://mobile.slate.com lib/readability.js:992 中危 外部 URL 外部 URL
https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/Content_categories#Phrasing_content lib/readability.js:1708 中危 外部 URL 外部 URL
https://searchfox.org/mozilla-central/rev/f82d5c549f046cb64ce5602bfd894b7ae807c8f8/accessible/generic/TableAccessible.cp... lib/readability.js:1924 中危 外部 URL 外部 URL
https://mmbiz.qpic.cn/... references/platforms.md:10 目录结构
12 文件 · 120.0 KB · 3427 行 JavaScript 1f · 2314L
Python 7f · 715L
Markdown 4f · 398L
├─
▾
lib
│ ├─
__init__.py
Python
│ ├─
article.py
Python
│ ├─
feishu.py
Python
│ ├─
readability.js
JavaScript
│ ├─
router.py
Python
│ ├─
utils.py
Python
│ └─
video.py
Python
├─
▾
references
│ ├─
extending.md
Markdown
│ └─
platforms.md
Markdown
├─
fetcher.py
Python
├─
README.md
Markdown
└─
SKILL.md
Markdown
依赖分析 4 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
scrapling | * | pip | 否 | Version not pinned but standard scraping library |
yt-dlp | * | pip | 否 | Version not pinned but standard video downloader |
camoufox | * | pip | 否 | Version not pinned but legitimate anti-detection browser |
html2text | * | pip | 否 | Version not pinned but standard HTML-to-Markdown converter |
安全亮点
✓ All shell operations (scrapling, yt-dlp) are explicitly declared in SKILL.md with clear purpose
✓ Browser cookie access is documented and only used for legitimate platform authentication (Feishu, Bilibili)
✓ No credential exfiltration - browser cookies used only for authenticated fetches to download content locally
✓ Dependencies are standard, well-known web scraping tools with no typosquatting indicators
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)
✓ Readability.js injection uses a known-good library file, not dynamic code
✓ No base64-encoded commands, no reverse shells, no C2 communication
✓ Temp directory usage is standard for temporary file handling
✓ Image download includes proper Referer headers for platform-specific requirements