中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 22/100
上次扫描:19 小时前 重新扫描
22 /100
daxiang-daily-report
生成大象(即时通讯工具)每日沟通分析报告
A legitimate Daxiang IM daily-report generator with one documentation gap: SKILL.md omits subprocess usage for the `dx` CLI tool, creating a declared-vs-inferred capability mismatch, but no malicious behavior is present.
技能名称daxiang-daily-report
分析耗时54.3s
引擎pi
可以安装
Add a brief note to SKILL.md (数据获取 section) stating that the skill may invoke the `dx` CLI via subprocess when local data files are absent. This closes the doc-deception gap. No other action needed.

安全发现 3 项

严重性 安全发现 位置
中危
Undeclared subprocess/CLI invocation 文档欺骗
SKILL.md states data originates from 'data/' directory files, but the Python script contains a full fetch_messages_via_dx() function (lines 116-169) that invokes the dx CLI via subprocess.run() when local data is missing. This shell execution is not declared anywhere in SKILL.md.
def fetch_messages_via_dx(date_key: str) -> List[Dict]:
    import subprocess
    result = subprocess.run(['dx', '--help'], capture_output=True, text=True, timeout=5)
→ Add a '数据获取' or '依赖工具' section to SKILL.md explicitly stating that the skill requires the 'dx' CLI tool (npm i -g @mtfe/meituan-dx) and may invoke it via subprocess when local JSON data is unavailable.
 scripts/daxiang_daily_report.py:116
低危
Hardcoded personal directory paths 权限提升
The script hardcodes /Users/hongfei/ paths as defaults for SKILL_DIR, WORKSPACE, DATA_DIR, and REPORT_DIR. While environment variable fallbacks exist, the hardcoded paths suggest this was written for a specific user's environment.
SKILL_DIR = Path("/Users/hongfei/.openclaw/skills/daxiang-daily-report")
WORKSPACE = Path(os.environ.get("DAXIANG_WORKSPACE", "/Users/hongfei/.openclaw/workspace-taizi"))
→ Use a platform-agnostic base (e.g., Path.home() or a configurable root) and document the environment variables clearly in SKILL.md.
 scripts/daxiang_daily_report.py:16
低危
Internal Meituan registry URL in error messages 文档欺骗
Error messages in fetch_messages_via_dx() include http://r.npm.sankuai.com, a Meituan-internal npm registry URL. This leaks information about the target environment and may confuse users outside that organization.
raise FileNotFoundError("DX CLI未安装,请先安装:npm i -g @mtfe/meituan-dx --registry=http://r.npm.sankuai.com")
→ Remove the internal registry URL from user-facing error messages, or make it configurable via environment variable.
 scripts/daxiang_daily_report.py:143
资源类型声明权限推断权限状态证据
文件系统 READ READ+WRITE ✓ 一致 scripts/daxiang_daily_report.py:634 — writes report to REPORT_DIR via open()
命令执行 NONE WRITE ✗ 越权 scripts/daxiang_daily_report.py:116-169 — subprocess.run(['dx', 'sessions', ...]…
网络访问 NONE NONE No direct HTTP requests; dx CLI handles its own network layer locally
环境变量 NONE READ ✓ 一致 scripts/daxiang_daily_report.py:18-23 — reads DAXIANG_WORKSPACE, DAXIANG_DATA_DI…
8 项发现
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/OpenClaw-Skill-green
README.md:5
🔗
中危 外部 URL 外部 URL
https://openclaw.com
README.md:5
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/Version-V19-blue
README.md:6
🔗
中危 外部 URL 外部 URL
https://x.sankuai.com/
README.md:313
🔗
中危 外部 URL 外部 URL
https://openclaw.com/docs
README.md:342
🔗
中危 外部 URL 外部 URL
https://wiki.sankuai.com
README.md:350
🔗
中危 外部 URL 外部 URL
http://r.npm.sankuai.com
scripts/daxiang_daily_report.py:143
🔗
中危 外部 URL 外部 URL
http://r.npm.sankuai.com\n2.
scripts/daxiang_daily_report.py:328

目录结构

5 文件 · 54.7 KB · 1600 行
Python 1f · 1129L Markdown 2f · 452L Shell 1f · 12L JSON 1f · 7L
├─ 📁 scripts
│ ├─ 🐍 daxiang_daily_report.py Python 1129L · 42.8 KB
│ └─ 🔧 run_daxiang_report.sh Shell 12L · 348 B
├─ 📋 _meta.json JSON 7L · 230 B
├─ 📝 README.md Markdown 354L · 8.8 KB
└─ 📝 SKILL.md Markdown 98L · 2.5 KB

安全亮点

✓ No credential harvesting or token exfiltration detected
✓ No external network requests from the Python script itself
✓ No base64 encoding, eval(), or obfuscation techniques
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No reverse shell, C2 communication, or persistence mechanisms
✓ Data processing is purely local — messages are read from JSON and rendered into Markdown reports
✓ subprocess is used exclusively for the legitimate dx CLI tool, not for arbitrary command execution
✓ Comprehensive README.md with clear usage documentation and troubleshooting guide
✓ No malicious dependencies detected