中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:1 天前 重新扫描
0 /100
bp-manager
BP管理助手 — 查看/管理自己与下级的BP(目标/关键成果/关键举措)、AI质量检查
The bp-manager skill is a legitimate BP (Business Plan) management assistant that provides read/write operations against a corporate API. No malicious behavior, credential harvesting, or data exfiltration was detected.
技能名称bp-manager
分析耗时30.4s
引擎pi
可以安装
This skill is safe to use. Ensure BP_APP_KEY is stored securely and not logged in plain text.
资源类型声明权限推断权限状态证据
网络访问 READ READ ✓ 一致 scripts/bp_client.py:37-50 - Uses urllib.request for HTTP GET/POST to sg-al-cwor…
环境变量 READ READ ✓ 一致 scripts/bp_client.py:17 - Accesses BP_APP_KEY only
命令执行 NONE NONE No subprocess or shell execution found in code
文件系统 NONE NONE No file read/write operations in code
技能调用 EXEC EXEC ✓ 一致 SKILL.md declares bp_client and commands tools with exec permission
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE No browser automation found
数据库 NONE NONE No direct database access found
1 项发现
🔗
中危 外部 URL 外部 URL
https://sg-al-cwork-web.mediportal.com.cn/open-api
scripts/bp_client.py:19

目录结构

9 文件 · 62.6 KB · 2137 行
Markdown 7f · 1523L Python 2f · 614L
├─ 📁 design
│ └─ 📝 design.md Markdown 171L · 3.9 KB
├─ 📁 references
│ ├─ 📝 api-endpoints.md Markdown 162L · 4.8 KB
│ ├─ 📝 api-request--20260404.md Markdown 240L · 6.5 KB
│ └─ 📝 kangzhe-rules.md Markdown 200L · 6.3 KB
├─ 📁 scripts
│ ├─ 🐍 bp_client.py Python 219L · 8.2 KB
│ └─ 🐍 commands.py Python 395L · 13.8 KB
├─ 📝 README.md Markdown 173L · 4.2 KB
├─ 📝 setup.md Markdown 126L · 2.5 KB
└─ 📝 SKILL.md Markdown 451L · 12.4 KB

安全亮点

✓ All capabilities declared in SKILL.md match actual implementation
✓ No shell execution or subprocess usage
✓ No credential harvesting or exfiltration
✓ No base64 encoding or obfuscation
✓ No sensitive path access (~/.ssh, ~/.aws, etc.)
✓ No curl|bash or wget|sh patterns
✓ Uses only Python standard library (urllib) - no third-party dependencies
✓ API endpoint uses HTTPS domain (not direct IP)
✓ Security considerations documented in design.md