中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
feapder
Build, modify, and debug feapder 1.9.2 spiders and projects with the framework's native patterns
This skill is a legitimate feapder 1.9.2 web-scraping framework knowledge base and code generator with no malicious behavior, hidden functionality, or undeclared sensitive operations.
技能名称feapder
分析耗时60.3s
引擎pi
可以安装
No action needed. The skill is safe to use.

安全发现 3 项

严重性 安全发现 位置
提示
Hardcoded proxy IP in test scaffold 文档欺骗
The test example file references hardcoded IP 12.12.12.12:6666 in a commented-out proxy configuration line. This is a test scaffold placeholder with no executable impact and no data egress.
# request.proxies = {"https":"https://12.12.12.12:6666"}
→ No action required. This is commented-out test scaffolding in a vendored framework snapshot.
 references/vendor/feapder-1.9.2/tests/air-spider/test_air_spider.py:33
提示
Vendored dependency without pinned version 供应链
The skill vendors the complete feapder 1.9.2 library rather than referencing it via pip/requirements.txt. The vendored copy is static and not fetched at runtime, eliminating supply-chain risk from the network.
N/A
→ No action required. Vendoring is a deliberate security choice to ensure portability and reproducibility.
 references/vendor/feapder-1.9.2/
提示
setting.py contains credential template placeholders 敏感访问
The project template setting.py includes commented-out placeholder variables for MYSQL_USER_PASS, REDISDB_USER_PASS, and EMAIL_PASSWORD. All are commented out and not active; the template is the feapder framework's standard scaffolding.
# MYSQL_USER_PASS = ""
→ No action required. These are framework scaffolding placeholders, not harvested credentials.
 references/vendor/feapder-1.9.2/feapder/templates/project_template/setting.py:1
资源类型声明权限推断权限状态证据
文件系统 NONE READ ✓ 一致 Skill references vendored library files for code generation guidance; no write o…
网络访问 NONE NONE Skill only generates feapder spider code; no direct network calls made by the sk…
命令执行 NONE NONE No subprocess/os.system calls in SKILL.md, agents/openai.yaml, or reference mark…
环境变量 NONE NONE No os.environ iteration; feapder framework may use env vars but this is within v…
技能调用 NONE NONE No inter-skill invocation patterns found
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE feapder's render mode (Selenium/Playwright) is a vendored framework feature, not…
数据库 NONE NONE feapder's MySQL/Redis pipelines are part of the vendored framework; skill only g…
1 高危 44 项发现
📡
高危 IP 地址 硬编码 IP 地址
12.12.12.12
references/vendor/feapder-1.9.2/tests/air-spider/test_air_spider.py:33
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/python-3.6-brightgreen
references/vendor/feapder-1.9.2/README.md:3
🔗
中危 外部 URL 外部 URL
https://img.shields.io/github/watchers/Boris-code/feapder?style=social
references/vendor/feapder-1.9.2/README.md:4
🔗
中危 外部 URL 外部 URL
https://img.shields.io/github/stars/Boris-code/feapder?style=social
references/vendor/feapder-1.9.2/README.md:5
🔗
中危 外部 URL 外部 URL
https://img.shields.io/github/forks/Boris-code/feapder?style=social
references/vendor/feapder-1.9.2/README.md:6
🔗
中危 外部 URL 外部 URL
https://pepy.tech/badge/feapder
references/vendor/feapder-1.9.2/README.md:7
🔗
中危 外部 URL 外部 URL
https://pepy.tech/project/feapder
references/vendor/feapder-1.9.2/README.md:7
🔗
中危 外部 URL 外部 URL
https://pepy.tech/badge/feapder/month
references/vendor/feapder-1.9.2/README.md:8
🔗
中危 外部 URL 外部 URL
https://pepy.tech/badge/feapder/week
references/vendor/feapder-1.9.2/README.md:9
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2023/09/04/feapder.jpg
references/vendor/feapder-1.9.2/README.md:19
🔗
中危 外部 URL 外部 URL
https://feapder.com
references/vendor/feapder-1.9.2/README.md:24
🔗
中危 外部 URL 外部 URL
http://feapder.com/#/feapder_platform/feaplat
references/vendor/feapder-1.9.2/README.md:27
🔗
中危 外部 URL 外部 URL
https://www.baidu.com
references/vendor/feapder-1.9.2/README.md:80
🔗
中危 外部 URL 外部 URL
https://contrib.rocks/image?repo=Boris-code/feapder
references/vendor/feapder-1.9.2/README.md:117
🔗
中危 外部 URL 外部 URL
http://www.spidertools.cn
references/vendor/feapder-1.9.2/README.md:122
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/03/16/zan-shang-ma.png
references/vendor/feapder-1.9.2/README.md:133
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/02/16/zhi-shi-xing-qiu.jpeg
references/vendor/feapder-1.9.2/README.md:144
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/07/12/er-wei-ma.jpeg?x-oss-process=style/markdown-media
references/vendor/feapder-1.9.2/README.md:146
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2024/04/28/17142933285892.jpg
references/vendor/feapder-1.9.2/README.md:147
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127822246620.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:75
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127839359771.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:153
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2022/09/09/16626945562298.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:200
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127849396722.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:241
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127850065269.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:245
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/08/16127859798201.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:302
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/06/21/15927532396490.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:350
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/06/21/15927533333272.jpg
references/vendor/feapder-1.9.2/docs/command/cmdline.md:355
🔗
中危 外部 URL 外部 URL
https://www.baidu.com/
references/vendor/feapder-1.9.2/docs/command/cmdline.md:359
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16138971894815.jpg
references/vendor/feapder-1.9.2/docs/usage/AirSpider.md:168
🔗
中危 外部 URL 外部 URL
https://news.qq.com/
references/vendor/feapder-1.9.2/docs/usage/AirSpider.md:242
🔗
中危 外部 URL 外部 URL
http://www.baidu.com
references/vendor/feapder-1.9.2/docs/usage/AirSpider.md:276
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139009217536.jpg
references/vendor/feapder-1.9.2/docs/usage/BatchSpider.md:80
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/22/16139762922842.jpg
references/vendor/feapder-1.9.2/docs/usage/BatchSpider.md:110
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/22/16139773315622.jpg
references/vendor/feapder-1.9.2/docs/usage/BatchSpider.md:141
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139218044066.jpg
references/vendor/feapder-1.9.2/docs/usage/Spider.md:17
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139031333228.jpg
references/vendor/feapder-1.9.2/docs/usage/Spider.md:109
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2021/02/21/16139224711465.jpg
references/vendor/feapder-1.9.2/docs/usage/Spider.md:146
🔗
中危 外部 URL 外部 URL
http://markdown-media.oss-cn-beijing.aliyuncs.com/2020/12/20/16084680404224.jpg
references/vendor/feapder-1.9.2/docs/usage/使用前必读.md:25
🔗
中危 外部 URL 外部 URL
https://zh.wikipedia.org/wiki/%E6%8E%A7%E5%88%B6%E5%AD%97%E7%AC%A6
references/vendor/feapder-1.9.2/feapder/network/response.py:31
🔗
中危 外部 URL 外部 URL
http://permit.mep.gov.cn/permitExt/syssb/xxgk/xxgk!showImage.action?dataid=0b092f8115ff45c5a50947cdea537726
references/vendor/feapder-1.9.2/feapder/network/response.py:227
🔗
中危 外部 URL 外部 URL
https://open.feishu.cn/document/ukTMukTMukTM/ucTM5YjL3ETO24yNxkjN#e1cdee9f
references/vendor/feapder-1.9.2/feapder/templates/project_template/setting.py:156
🔗
中危 外部 URL 外部 URL
https://12.12.12.12:6666
references/vendor/feapder-1.9.2/tests/air-spider/test_air_spider.py:33
🔗
中危 外部 URL 外部 URL
https://www.baidu.com#
references/vendor/feapder-1.9.2/tests/spider/spiders/test_spider.py:17
📧
提示 邮箱 邮箱地址
[email protected]
references/vendor/feapder-1.9.2/feapder/core/spiders/air_spider.py:8

目录结构

25 文件 · 216.3 KB · 5809 行
Python 12f · 3871L Markdown 12f · 1934L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 223 B
├─ 📁 references
│ ├─ 📁 vendor
│ │ └─ 📁 feapder-1.9.2
│ │ ├─ 📁 docs
│ │ │ ├─ 📁 command
│ │ │ │ └─ 📝 cmdline.md Markdown 386L · 13.2 KB
│ │ │ └─ 📁 usage
│ │ │ ├─ 📝 AirSpider.md Markdown 339L · 11.1 KB
│ │ │ ├─ 📝 BatchSpider.md Markdown 330L · 12.3 KB
│ │ │ ├─ 📝 Spider.md Markdown 203L · 7.1 KB
│ │ │ ├─ 📝 TaskSpider.md Markdown 133L · 4.0 KB
│ │ │ └─ 📝 使用前必读.md Markdown 65L · 2.6 KB
│ │ ├─ 📁 feapder
│ │ │ ├─ 📁 core
│ │ │ │ └─ 📁 spiders
│ │ │ │ ├─ 🐍 air_spider.py Python 138L · 4.4 KB
│ │ │ │ ├─ 🐍 batch_spider.py Python 1215L · 49.5 KB
│ │ │ │ ├─ 🐍 spider.py Python 393L · 13.5 KB
│ │ │ │ └─ 🐍 task_spider.py Python 733L · 27.9 KB
│ │ │ ├─ 📁 network
│ │ │ │ ├─ 🐍 request.py Python 543L · 18.2 KB
│ │ │ │ └─ 🐍 response.py Python 393L · 12.8 KB
│ │ │ └─ 📁 templates
│ │ │ └─ 📁 project_template
│ │ │ ├─ 🐍 main.py Python 79L · 2.1 KB
│ │ │ ├─ 📝 README.md Markdown 7L · 88 B
│ │ │ └─ 🐍 setting.py Python 190L · 9.2 KB
│ │ ├─ 📁 tests
│ │ │ ├─ 📁 air-spider
│ │ │ │ └─ 🐍 test_air_spider.py Python 50L · 1.2 KB
│ │ │ ├─ 📁 batch-spider
│ │ │ │ └─ 📁 spiders
│ │ │ │ └─ 🐍 test_spider.py Python 52L · 1.6 KB
│ │ │ ├─ 📁 spider
│ │ │ │ └─ 📁 spiders
│ │ │ │ └─ 🐍 test_spider.py Python 34L · 1019 B
│ │ │ └─ 📁 test-pipeline
│ │ │ └─ 🐍 pipeline.py Python 51L · 1.4 KB
│ │ └─ 📝 README.md Markdown 153L · 4.4 KB
│ ├─ 📝 code-patterns.md Markdown 114L · 4.6 KB
│ ├─ 📝 settings-debugging-and-sources.md Markdown 56L · 2.9 KB
│ └─ 📝 spider-types-and-scaffolding.md Markdown 68L · 3.2 KB
└─ 📝 SKILL.md Markdown 80L · 7.7 KB

依赖分析 2 项

包名版本来源已知漏洞备注
feapder 1.9.2 (vendored) vendored (references/vendor/feapder-1.9.2/) Fully vendored as static reference snapshot; not fetched via network at runtime
requests unpinned (referenced in vendored feapder) vendored feapder dependency Used by feapder internally; verify=False is a framework design choice for dev flexibility, not malicious behavior

安全亮点

✓ All code is self-contained; no external script downloads or curl|bash execution patterns
✓ No credential harvesting, key iteration, or sensitive file access anywhere in the skill
✓ No obfuscation techniques (base64, eval, atob) or anti-analysis patterns present
✓ No prompt injection instructions, jailbreak hints, or hidden directives in any file
✓ The feapder framework vendored copy is from an identified open-source project (Boris-code/feapder on GitHub)
✓ All skill behavior is fully declared in SKILL.md — code generation for feapder spiders only
✓ No persistence mechanisms (cron, startup hooks, backdoors) detected
✓ No data exfiltration, C2 communication, or outbound telemetry identified