feapder Security Report — Trusted | ClawSafe

5 /100

feapder

Build, modify, and debug feapder 1.9.2 spiders and projects with the framework's native patterns

This skill is a legitimate feapder 1.9.2 web-scraping framework knowledge base and code generator with no malicious behavior, hidden functionality, or undeclared sensitive operations.

Skill Namefeapder

Duration60.3s

Enginepi

✓

Safe to install

No action needed. The skill is safe to use.

Findings 3 items

Severity	Finding	Location
Info	Hardcoded proxy IP in test scaffold Doc Mismatch The test example file references hardcoded IP 12.12.12.12:6666 in a commented-out proxy configuration line. This is a test scaffold placeholder with no executable impact and no data egress. `# request.proxies = {"https":"https://12.12.12.12:6666"}` → No action required. This is commented-out test scaffolding in a vendored framework snapshot.	`references/vendor/feapder-1.9.2/tests/air-spider/test_air_spider.py:33`
Info	Vendored dependency without pinned version Supply Chain The skill vendors the complete feapder 1.9.2 library rather than referencing it via pip/requirements.txt. The vendored copy is static and not fetched at runtime, eliminating supply-chain risk from the network. `N/A` → No action required. Vendoring is a deliberate security choice to ensure portability and reproducibility.	`references/vendor/feapder-1.9.2/`
Info	setting.py contains credential template placeholders Sensitive Access The project template setting.py includes commented-out placeholder variables for MYSQL_USER_PASS, REDISDB_USER_PASS, and EMAIL_PASSWORD. All are commented out and not active; the template is the feapder framework's standard scaffolding. `# MYSQL_USER_PASS = ""` → No action required. These are framework scaffolding placeholders, not harvested credentials.	`references/vendor/feapder-1.9.2/feapder/templates/project_template/setting.py:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	Skill references vendored library files for code generation guidance; no write o…
Network	`NONE`	`NONE`	—	Skill only generates feapder spider code; no direct network calls made by the sk…
Shell	`NONE`	`NONE`	—	No subprocess/os.system calls in SKILL.md, agents/openai.yaml, or reference mark…
Environment	`NONE`	`NONE`	—	No os.environ iteration; feapder framework may use env vars but this is within v…
Skill Invoke	`NONE`	`NONE`	—	No inter-skill invocation patterns found
Clipboard	`NONE`	`NONE`	—	No clipboard access found
Browser	`NONE`	`NONE`	—	feapder's render mode (Selenium/Playwright) is a vendored framework feature, not…
Database	`NONE`	`NONE`	—	feapder's MySQL/Redis pipelines are part of the vendored framework; skill only g…

1 High 44 findings

📡

High IP Address 硬编码 IP 地址

12.12.12.12

references/vendor/feapder-1.9.2/tests/air-spider/test_air_spider.py:33

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/python-3.6-brightgreen

references/vendor/feapder-1.9.2/README.md:3

🔗

Medium External URL 外部 URL

https://img.shields.io/github/watchers/Boris-code/feapder?style=social

references/vendor/feapder-1.9.2/README.md:4

🔗

Medium External URL 外部 URL

https://img.shields.io/github/stars/Boris-code/feapder?style=social

references/vendor/feapder-1.9.2/README.md:5

🔗

Medium External URL 外部 URL

https://img.shields.io/github/forks/Boris-code/feapder?style=social

references/vendor/feapder-1.9.2/README.md:6

🔗

Medium External URL 外部 URL

https://pepy.tech/badge/feapder

references/vendor/feapder-1.9.2/README.md:7

🔗

Medium External URL 外部 URL

https://pepy.tech/project/feapder

references/vendor/feapder-1.9.2/README.md:7

🔗

Medium External URL 外部 URL

https://pepy.tech/badge/feapder/month

references/vendor/feapder-1.9.2/README.md:8

🔗

Medium External URL 外部 URL

https://pepy.tech/badge/feapder/week

references/vendor/feapder-1.9.2/README.md:9

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2023/09/04/feapder.jpg

references/vendor/feapder-1.9.2/README.md:19

🔗

Medium External URL 外部 URL

https://feapder.com

references/vendor/feapder-1.9.2/README.md:24

🔗

Medium External URL 外部 URL

http://feapder.com/#/feapder_platform/feaplat

references/vendor/feapder-1.9.2/README.md:27

🔗

Medium External URL 外部 URL

https://www.baidu.com

references/vendor/feapder-1.9.2/README.md:80

🔗

Medium External URL 外部 URL

https://contrib.rocks/image?repo=Boris-code/feapder

references/vendor/feapder-1.9.2/README.md:117

🔗

Medium External URL 外部 URL

http://www.spidertools.cn

references/vendor/feapder-1.9.2/README.md:122

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/03/16/zan-shang-ma.png

references/vendor/feapder-1.9.2/README.md:133

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/02/16/zhi-shi-xing-qiu.jpeg

references/vendor/feapder-1.9.2/README.md:144

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/07/12/er-wei-ma.jpeg?x-oss-process=style/markdown-media

references/vendor/feapder-1.9.2/README.md:146

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2024/04/28/17142933285892.jpg

references/vendor/feapder-1.9.2/README.md:147

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127822246620.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:75

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127839359771.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:153

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2022/09/09/16626945562298.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:200

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127849396722.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:241

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127850065269.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:245

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127859798201.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:302

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/06/21/15927532396490.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:350

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/06/21/15927533333272.jpg

references/vendor/feapder-1.9.2/docs/command/cmdline.md:355

🔗

Medium External URL 外部 URL

https://www.baidu.com/

references/vendor/feapder-1.9.2/docs/command/cmdline.md:359

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16138971894815.jpg

references/vendor/feapder-1.9.2/docs/usage/AirSpider.md:168

🔗

Medium External URL 外部 URL

https://news.qq.com/

references/vendor/feapder-1.9.2/docs/usage/AirSpider.md:242

🔗

Medium External URL 外部 URL

http://www.baidu.com

references/vendor/feapder-1.9.2/docs/usage/AirSpider.md:276

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139009217536.jpg

references/vendor/feapder-1.9.2/docs/usage/BatchSpider.md:80

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/22/16139762922842.jpg

references/vendor/feapder-1.9.2/docs/usage/BatchSpider.md:110

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/22/16139773315622.jpg

references/vendor/feapder-1.9.2/docs/usage/BatchSpider.md:141

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139218044066.jpg

references/vendor/feapder-1.9.2/docs/usage/Spider.md:17

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139031333228.jpg

references/vendor/feapder-1.9.2/docs/usage/Spider.md:109

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139224711465.jpg

references/vendor/feapder-1.9.2/docs/usage/Spider.md:146

🔗

Medium External URL 外部 URL

http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/12/20/16084680404224.jpg

references/vendor/feapder-1.9.2/docs/usage/使用前必读.md:25

🔗

Medium External URL 外部 URL

https://zh.wikipedia.org/wiki/%E6%8E%A7%E5%88%B6%E5%AD%97%E7%AC%A6

references/vendor/feapder-1.9.2/feapder/network/response.py:31

🔗

Medium External URL 外部 URL

http://permit.mep.gov.cn/permitExt/syssb/xxgk/xxgk!showImage.action?dataid=0b092f8115ff45c5a50947cdea537726

references/vendor/feapder-1.9.2/feapder/network/response.py:227

🔗

Medium External URL 外部 URL

https://open.feishu.cn/document/ukTMukTMukTM/ucTM5YjL3ETO24yNxkjN#e1cdee9f

references/vendor/feapder-1.9.2/feapder/templates/project_template/setting.py:156

🔗

Medium External URL 外部 URL

https://12.12.12.12:6666

references/vendor/feapder-1.9.2/tests/air-spider/test_air_spider.py:33

🔗

Medium External URL 外部 URL

https://www.baidu.com#

references/vendor/feapder-1.9.2/tests/spider/spiders/test_spider.py:17

📧

Info Email 邮箱地址

[email protected]

references/vendor/feapder-1.9.2/feapder/core/spiders/air_spider.py:8

File Tree

25 files · 216.3 KB · 5809 lines

Python 12f · 3871L Markdown 12f · 1934L YAML 1f · 4L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 4L · 223 B

├─ ▾ 📁 references

│ ├─ ▾ 📁 vendor

│ │ └─ ▾ 📁 feapder-1.9.2

│ │ ├─ ▾ 📁 docs

│ │ │ ├─ ▾ 📁 command

│ │ │ │ └─ 📝 cmdline.md Markdown 386L · 13.2 KB

│ │ │ └─ ▾ 📁 usage

│ │ │ ├─ 📝 AirSpider.md Markdown 339L · 11.1 KB

│ │ │ ├─ 📝 BatchSpider.md Markdown 330L · 12.3 KB

│ │ │ ├─ 📝 Spider.md Markdown 203L · 7.1 KB

│ │ │ ├─ 📝 TaskSpider.md Markdown 133L · 4.0 KB

│ │ │ └─ 📝 使用前必读.md Markdown 65L · 2.6 KB

│ │ ├─ ▾ 📁 feapder

│ │ │ ├─ ▾ 📁 core

│ │ │ │ └─ ▾ 📁 spiders

│ │ │ │ ├─ 🐍 air_spider.py Python 138L · 4.4 KB

│ │ │ │ ├─ 🐍 batch_spider.py Python 1215L · 49.5 KB

│ │ │ │ ├─ 🐍 spider.py Python 393L · 13.5 KB

│ │ │ │ └─ 🐍 task_spider.py Python 733L · 27.9 KB

│ │ │ ├─ ▾ 📁 network

│ │ │ │ ├─ 🐍 request.py Python 543L · 18.2 KB

│ │ │ │ └─ 🐍 response.py Python 393L · 12.8 KB

│ │ │ └─ ▾ 📁 templates

│ │ │ └─ ▾ 📁 project_template

│ │ │ ├─ 🐍 main.py Python 79L · 2.1 KB

│ │ │ ├─ 📝 README.md Markdown 7L · 88 B

│ │ │ └─ 🐍 setting.py Python 190L · 9.2 KB

│ │ ├─ ▾ 📁 tests

│ │ │ ├─ ▾ 📁 air-spider

│ │ │ │ └─ 🐍 test_air_spider.py Python 50L · 1.2 KB

│ │ │ ├─ ▾ 📁 batch-spider

│ │ │ │ └─ ▾ 📁 spiders

│ │ │ │ └─ 🐍 test_spider.py Python 52L · 1.6 KB

│ │ │ ├─ ▾ 📁 spider

│ │ │ │ └─ ▾ 📁 spiders

│ │ │ │ └─ 🐍 test_spider.py Python 34L · 1019 B

│ │ │ └─ ▾ 📁 test-pipeline

│ │ │ └─ 🐍 pipeline.py Python 51L · 1.4 KB

│ │ └─ 📝 README.md Markdown 153L · 4.4 KB

│ ├─ 📝 code-patterns.md Markdown 114L · 4.6 KB

│ ├─ 📝 settings-debugging-and-sources.md Markdown 56L · 2.9 KB

│ └─ 📝 spider-types-and-scaffolding.md Markdown 68L · 3.2 KB

└─ 📝 SKILL.md Markdown 80L · 7.7 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`feapder`	`1.9.2 (vendored)`	vendored (references/vendor/feapder-1.9.2/)	No	Fully vendored as static reference snapshot; not fetched via network at runtime
`requests`	`unpinned (referenced in vendored feapder)`	vendored feapder dependency	No	Used by feapder internally; verify=False is a framework design choice for dev flexibility, not malicious behavior

Security Positives

✓ All code is self-contained; no external script downloads or curl|bash execution patterns

✓ No credential harvesting, key iteration, or sensitive file access anywhere in the skill

✓ No obfuscation techniques (base64, eval, atob) or anti-analysis patterns present

✓ No prompt injection instructions, jailbreak hints, or hidden directives in any file

✓ The feapder framework vendored copy is from an identified open-source project (Boris-code/feapder on GitHub)

✓ All skill behavior is fully declared in SKILL.md — code generation for feapder spiders only

✓ No persistence mechanisms (cron, startup hooks, backdoors) detected

✓ No data exfiltration, C2 communication, or outbound telemetry identified

Scan Report

Findings 3 items

File Tree

Dependencies 2 items

Security Positives