Trusted — Risk score 5/100
Last scanned: 21 hours ago
data-viz-suite
Enterprise-grade BI data visualization suite supporting chart generation, interactive dashboards, and report export (PDF/HTML/Excel)
Legitimate data visualization suite with no security concerns—charts, dashboards, and reports are generated entirely with standard open-source plotting libraries and no sensitive operations.
Skill name: data-viz-suite
Analysis time: 41.9s
Engine: pi
OK to install
This skill is safe to use. No action required.

Security findings: 1

Severity | Finding | Location
Low | Undeclared matplotlib style name (documentation deception) | scripts/chart_generator.py:12
chart_generator.py uses matplotlib theme name 'dark_background' which is not listed in SKILL.md's documented theme options ('light', 'dark', 'corporate'). This is a minor documentation gap with zero security impact.
'dark': {'primary': '#2ca02c', 'secondary': '#d62728', 'bg': '#1a1a1a'}
→ Add 'dark_background' to the documented theme list in SKILL.md, or align theme names between chart_engine.py and chart_generator.py.
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | WRITE | ✓ Consistent | All writes are chart/report output files (e.g., save(), write_html(), export())
Network access | NONE | READ | ✓ Consistent | dashboard.py:75 loads https://cdn.plot.ly/plotly-latest.min.js for local HTML re…
Command execution | NONE | NONE |  | No subprocess, os.system, popen, or shell invocation found
Environment variables | NONE | NONE |  | No os.environ access found
Skill invocation | NONE | NONE |  | No skill invocation capability found
Clipboard | NONE | NONE |  | No clipboard access found
Browser | NONE | NONE |  | No browser automation found
Database | READ | READ | ✓ Consistent | SQL support mentioned in docs; no actual DB driver in dependencies but connectio…
1 finding
Medium severity: External URL
https://cdn.plot.ly/plotly-latest.min.js
scripts/dashboard.py:75

Directory structure

10 files · 40.5 KB · 1323 lines
Python 7f · 1068L Markdown 2f · 246L Text 1f · 9L
├─ 📁 examples
│ └─ 🐍 basic_usage.py Python 152L · 4.6 KB
├─ 📁 scripts
│ ├─ 🐍 chart_engine.py Python 202L · 7.0 KB
│ ├─ 🐍 chart_generator.py Python 89L · 3.3 KB
│ ├─ 🐍 dashboard.py Python 245L · 7.6 KB
│ └─ 🐍 report_generator.py Python 178L · 5.7 KB
├─ 📁 tests
│ ├─ 🐍 test_chart_engine.py Python 116L · 3.5 KB
│ └─ 🐍 test_chart_generator.py Python 86L · 2.9 KB
├─ 📝 README.md Markdown 122L · 2.8 KB
├─ 📄 requirements.txt Text 9L · 140 B
└─ 📝 SKILL.md Markdown 124L · 3.0 KB

Dependency analysis: 9 items

Package | Version | Source | Known vulnerabilities | Notes
plotly | >=5.15.0 | pip |  | Version not pinned but major library with active security maintenance
matplotlib | >=3.7.0 | pip |  | Version not pinned but standard visualization library
seaborn | >=0.12.0 | pip |  | Version not pinned but standard visualization library
pandas | >=2.0.0 | pip |  | Version not pinned but standard data library
numpy | >=1.24.0 | pip |  | Version not pinned but standard numeric library
kaleido | >=0.2.0 | pip |  | Plotly static image export
openpyxl | >=3.1.0 | pip |  | Excel export support
reportlab | >=3.6.0 | pip |  | PDF generation
jupyter | >=1.0.0 | pip |  | Optional development dependency

Security highlights

✓ No shell execution, subprocess, or command injection vectors
✓ No credential harvesting or environment variable enumeration
✓ No network exfiltration or C2 communication patterns
✓ No obfuscation (base64, eval, atob) or anti-analysis techniques
✓ All network I/O is limited to loading Plotly JS from CDN for local HTML rendering
✓ Dependencies are standard, well-known data viz libraries (plotly, pandas, matplotlib, seaborn)
✓ File I/O is limited to writing user-requested chart/report output files
✓ All functionality described in SKILL.md is actually implemented in code
✓ Includes comprehensive unit tests covering core functionality