Trusted: risk score 5/100
Last scanned: 1 day ago
wechat-style-publisher
Multi-account WeChat Official Account article publishing tool with support for themed HTML and template variables
Legitimate WeChat Official Account article publishing tool with no malicious behavior detected.
Skill name: wechat-style-publisher
Analysis time: 33.3s
Engine: pi
OK to install
No action required. The skill performs standard WeChat API operations for article publishing.
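| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | READ | WRITE | ✓ Consistent | set-config.mjs writes to config files; apply-style.mjs writes output HTML |
| Network access | READ | READ | ✓ Consistent | All network calls go to official WeChat API (api.weixin.qq.com) |
| Command execution | NONE | NONE | | No subprocess, exec, or shell command execution found |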
1 finding
Medium severity: External URL
https://api.weixin.qq.com
assets/config.example.json:4

Directory structure

15 files · 75.6 KB · 1661 lines
JavaScript 5f · 937L; Python 2f · 555L; JSON 3f · 75L; Markdown 1f · 49L; CSS 1f · 36L; HTML 2f · 8L; Text 1f · 1L
├─ 📁 assets
│ ├─ 📁 templates
│ │ ├─ 📄 intro.html HTML 4L · 163 B
│ │ └─ 📄 outro.html HTML 4L · 196 B
│ ├─ 📋 config.example.json JSON 53L · 1.8 KB
│ ├─ 📄 custom-overrides.css CSS 36L · 556 B
│ └─ 📋 template-variables.example.json JSON 3L · 22 B
├─ 📁 lib
│ └─ 📜 style.mjs JavaScript 282L · 20.3 KB
├─ 📁 scripts
│ ├─ 📜 apply-style.mjs JavaScript 79L · 2.4 KB
│ ├─ 📜 import-template-node.mjs JavaScript 247L · 7.4 KB
│ ├─ 🐍 import-template-python.py Python 236L · 9.9 KB
│ ├─ 📜 publish-node.mjs JavaScript 241L · 8.9 KB
│ ├─ 🐍 publish-python.py Python 319L · 19.3 KB
│ └─ 📜 set-config.mjs JavaScript 88L · 2.2 KB
├─ 📋 package.json JSON 19L · 454 B
├─ 📄 requirements.txt Text 1L · 15 B
└─ 📝 SKILL.md Markdown 49L · 2.0 KB

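Dependency analysis: 3 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| highlight.js | ^11.11.1 | npm | | Caret range - accepts minor updates |
| juice | ^11.0.3 | npm | | Caret range - accepts minor updates |
| httpx | >=0.27,<1 | pip | | Version range without upper bound pinning |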

Security highlights

✓ All network traffic goes to official WeChat API endpoints
✓ No credential exfiltration - appId/appSecret used only for WeChat API authentication
✓ No obfuscated code or base64-encoded payloads
✓ No subprocess/shell execution patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Clean codebase with no hidden functionality
✓ Token caching is local-only and within expected scope
✓ Dependencies (highlight.js, juice, httpx) are well-known legitimate libraries