Scan Report
5 /100
Smart Report Generator
AI-powered daily/weekly/monthly report generator with multi-platform push support (Feishu/DingTalk/Slack)
This is a legitimate report generation tool with no malicious behavior detected. The code performs exactly as documented - AI-powered report generation with webhook notifications to configured platforms.
Safe to install
No action needed. This skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | report_bot.py:42-43 |
| Network | WRITE | WRITE | ✓ Aligned | report_bot.py:91-97 |
| Environment | READ | READ | ✓ Aligned | report_bot.py:41 |
| Shell | NONE | NONE | — | N/A |
| Clipboard | NONE | NONE | — | N/A |
| Browser | NONE | NONE | — | N/A |
| Database | NONE | NONE | — | N/A |
2 findings
Medium External URL 外部 URL
https://open.feishu.cn/open-apis/bot/v2/hook/xxx SKILL.md:30 Medium External URL 外部 URL
https://discord.gg/clawd SKILL.md:58 File Tree
2 files · 5.8 KB · 217 lines Python 1f · 155L
Markdown 1f · 62L
├─
report_bot.py
Python
└─
SKILL.md
Markdown
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
openclaw | * | pip | No | Version not pinned |
requests | * | pip | No | Version not pinned |
pyyaml | * | pip | No | Version not pinned |
Security Positives
✓ Clean, well-structured Python code with no obfuscation
✓ Documentation accurately describes the tool's functionality
✓ Uses yaml.safe_load() for safe YAML parsing
✓ Reads API key only from environment variable (no hardcoding)
✓ HTTP requests limited to configured webhook endpoints
✓ No file writes to system directories
✓ No network requests to arbitrary IPs
✓ No credential exfiltration detected