Low Risk — Risk Score 22/100
Last scan: 17 hr ago
daxiang-daily-report
Generates a daily communication analysis report from Daxiang (大象, an instant-messaging tool)
A legitimate Daxiang IM daily-report generator with one documentation gap: SKILL.md omits subprocess usage for the `dx` CLI tool, creating a declared-vs-inferred capability mismatch, but no malicious behavior is present.
Skill Name: daxiang-daily-report
Duration: 54.3s
Engine: pi
Safe to install
Add a brief note to SKILL.md (in the 数据获取 "data acquisition" section) stating that the skill may invoke the `dx` CLI via subprocess when local data files are absent. This closes the doc-deception gap. No other action needed.

Findings (3 items)

Each finding lists its severity, title and category, the evidence, the recommendation (→) and the location.

Finding 1 (Medium): Undeclared subprocess/CLI invocation [Doc Mismatch]
Location: scripts/daxiang_daily_report.py:116
SKILL.md states data originates from 'data/' directory files, but the Python script contains a full fetch_messages_via_dx() function (lines 116-169) that invokes the dx CLI via subprocess.run() when local data is missing. This shell execution is not declared anywhere in SKILL.md.
Evidence:
    def fetch_messages_via_dx(date_key: str) -> List[Dict]:
        import subprocess
        result = subprocess.run(['dx', '--help'], capture_output=True, text=True, timeout=5)
→ Add a '数据获取' (data acquisition) or '依赖工具' (dependency tools) section to SKILL.md explicitly stating that the skill requires the 'dx' CLI tool (npm i -g @mtfe/meituan-dx) and may invoke it via subprocess when local JSON data is unavailable.

Finding 2 (Low): Hardcoded personal directory paths [Priv Escalation]
Location: scripts/daxiang_daily_report.py:16
The script hardcodes /Users/hongfei/ paths as defaults for SKILL_DIR, WORKSPACE, DATA_DIR, and REPORT_DIR. While environment variable fallbacks exist, the hardcoded paths suggest this was written for a specific user's environment.
Evidence:
    SKILL_DIR = Path("/Users/hongfei/.openclaw/skills/daxiang-daily-report")
    WORKSPACE = Path(os.environ.get("DAXIANG_WORKSPACE", "/Users/hongfei/.openclaw/workspace-taizi"))
→ Use a platform-agnostic base (e.g., Path.home() or a configurable root) and document the environment variables clearly in SKILL.md.

Finding 3 (Low): Internal Meituan registry URL in error messages [Doc Mismatch]
Location: scripts/daxiang_daily_report.py:143
Error messages in fetch_messages_via_dx() include http://r.npm.sankuai.com, a Meituan-internal npm registry URL. This leaks information about the target environment and may confuse users outside that organization.
Evidence:
    raise FileNotFoundError("DX CLI未安装,请先安装:npm i -g @mtfe/meituan-dx --registry=http://r.npm.sankuai.com")
→ Remove the internal registry URL from user-facing error messages, or make it configurable via environment variable.
Declared vs. inferred capabilities

Resource    | Declared | Inferred   | Status      | Evidence
Filesystem  | READ     | READ+WRITE | ✓ Aligned   | scripts/daxiang_daily_report.py:634 — writes report to REPORT_DIR via open()
Shell       | NONE     | WRITE      | ✗ Violation | scripts/daxiang_daily_report.py:116-169 — subprocess.run(['dx', 'sessions', ...]…
Network     | NONE     | NONE       |             | No direct HTTP requests; dx CLI handles its own network layer locally
Environment | NONE     | READ       | ✓ Aligned   | scripts/daxiang_daily_report.py:18-23 — reads DAXIANG_WORKSPACE, DAXIANG_DATA_DI…
External URLs (8 findings, all rated Medium)

URL | Location
https://img.shields.io/badge/OpenClaw-Skill-green | README.md:5
https://openclaw.com | README.md:5
https://img.shields.io/badge/Version-V19-blue | README.md:6
https://x.sankuai.com/ | README.md:313
https://openclaw.com/docs | README.md:342
https://wiki.sankuai.com | README.md:350
http://r.npm.sankuai.com | scripts/daxiang_daily_report.py:143
http://r.npm.sankuai.com\n2. | scripts/daxiang_daily_report.py:328

File Tree

5 files · 54.7 KB · 1600 lines
Python: 1 file, 1129 lines · Markdown: 2 files, 452 lines · Shell: 1 file, 12 lines · JSON: 1 file, 7 lines
├─ 📁 scripts
│ ├─ 🐍 daxiang_daily_report.py Python 1129L · 42.8 KB
│ └─ 🔧 run_daxiang_report.sh Shell 12L · 348 B
├─ 📋 _meta.json JSON 7L · 230 B
├─ 📝 README.md Markdown 354L · 8.8 KB
└─ 📝 SKILL.md Markdown 98L · 2.5 KB

Security Positives

✓ No credential harvesting or token exfiltration detected
✓ No external network requests from the Python script itself
✓ No base64 encoding, eval(), or obfuscation techniques
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No reverse shell, C2 communication, or persistence mechanisms
✓ Data processing is purely local — messages are read from JSON and rendered into Markdown reports
✓ subprocess is used exclusively for the legitimate dx CLI tool, not for arbitrary command execution
✓ Comprehensive README.md with clear usage documentation and troubleshooting guide
✓ No malicious dependencies detected