Scan Report
10 /100
fortune-china500
获取《财富》中国 500 强企业排行榜数据,支持查询不同年份的完整 500 强企业名单。自动判断榜单发布时间(每年 7 月),输出 Excel 文件包含排名、企业名称、行业、营收等数据。
This is a legitimate Fortune China 500 data fetching skill with no malicious behavior detected.
Safe to install
Skill is safe to use. Consider pinning dependencies for better supply chain hygiene.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned Python dependencies Supply Chain | fortune500_fetch.py:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | fortune500_fetch.py:135 - wb.save(output_path) |
| Network | READ | READ | ✓ Aligned | fortune500_fetch.py:77 - requests.get(url, headers=headers, timeout=30) |
1 findings
Medium External URL 外部 URL
https://www.caifuzhongwen.com/fortune500/paiming/china500/ fortune500_fetch.py:71 File Tree
3 files · 10.8 KB · 345 lines Python 1f · 206L
Markdown 2f · 139L
├─
fortune500_fetch.py
Python
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
requests | * | pip | No | Version not pinned |
beautifulsoup4 | * | pip | No | Version not pinned |
openpyxl | * | pip | No | Version not pinned |
Security Positives
✓ No shell execution or subprocess calls detected
✓ No credential harvesting or environment variable scanning
✓ No obfuscation techniques (base64, eval, encoded strings)
✓ No data exfiltration or C2 communication
✓ Network access limited to a single legitimate Chinese website (caifuzhongwen.com)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Code is readable and straightforward - simple HTML parsing to Excel export
✓ Documentation accurately reflects code functionality
✓ MIT license provided