扫描报告
5 /100
Smart Report Generator
AI-powered daily/weekly/monthly report generator with multi-platform push support (Feishu/DingTalk/Slack)
This is a legitimate report generation tool with no malicious behavior detected. The code performs exactly as documented - AI-powered report generation with webhook notifications to configured platforms.
可以安装
No action needed. This skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | report_bot.py:42-43 |
| 网络访问 | WRITE | WRITE | ✓ 一致 | report_bot.py:91-97 |
| 环境变量 | READ | READ | ✓ 一致 | report_bot.py:41 |
| 命令执行 | NONE | NONE | — | N/A |
| 剪贴板 | NONE | NONE | — | N/A |
| 浏览器 | NONE | NONE | — | N/A |
| 数据库 | NONE | NONE | — | N/A |
2 项发现
中危 外部 URL 外部 URL
https://open.feishu.cn/open-apis/bot/v2/hook/xxx SKILL.md:30 中危 外部 URL 外部 URL
https://discord.gg/clawd SKILL.md:58 目录结构
2 文件 · 5.8 KB · 217 行 Python 1f · 155L
Markdown 1f · 62L
├─
report_bot.py
Python
└─
SKILL.md
Markdown
依赖分析 3 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
openclaw | * | pip | 否 | Version not pinned |
requests | * | pip | 否 | Version not pinned |
pyyaml | * | pip | 否 | Version not pinned |
安全亮点
✓ Clean, well-structured Python code with no obfuscation
✓ Documentation accurately describes the tool's functionality
✓ Uses yaml.safe_load() for safe YAML parsing
✓ Reads API key only from environment variable (no hardcoding)
✓ HTTP requests limited to configured webhook endpoints
✓ No file writes to system directories
✓ No network requests to arbitrary IPs
✓ No credential exfiltration detected