Low risk: risk score 10/100
Last scanned: 18 hours ago
fortune-china500
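Fetches Fortune China 500 ranking data and supports querying the complete list of 500 companies for different years. It automatically determines the list's release time (July of each year) and outputs an Excel file containing rank, company name, industry, revenue and other data.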
This is a legitimate Fortune China 500 data fetching skill with no malicious behavior detected.
Skill name: fortune-china500
Analysis time: 29.1s
Engine: pi
OK to install
Skill is safe to use. Consider pinning dependencies for better supply chain hygiene.

Security findings: 1

Severity: Low
Finding: Unpinned Python dependencies (supply chain)
The script imports requests, bs4 (BeautifulSoup), and openpyxl without version constraints. While these are standard libraries, not pinning versions could lead to unexpected behavior if dependencies are updated.
import requests
from bs4 import BeautifulSoup
import openpyxl
→ Add version pinning: requests==2.31.0, beautifulsoup4==4.12.0, openpyxl==3.1.2
Location: fortune500_fetch.py:1
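Resource type | Declared permission | Inferred permission | Status | Evidence
File system | WRITE | WRITE | ✓ Consistent | fortune500_fetch.py:135 - wb.save(output_path)
Network access | READ | READ | ✓ Consistent | fortune500_fetch.py:77 - requests.get(url, headers=headers, timeout=30)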
1 finding
Medium: External URL
https://www.caifuzhongwen.com/fortune500/paiming/china500/
fortune500_fetch.py:71

Directory structure

3 files · 10.8 KB · 345 lines
Python 1f · 206L Markdown 2f · 139L
├─ 🐍 fortune500_fetch.py Python 206L · 7.1 KB
├─ 📝 README.md Markdown 77L · 2.2 KB
└─ 📝 SKILL.md Markdown 62L · 1.6 KB

Dependency analysis: 3 items

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | | Version not pinned
beautifulsoup4 | * | pip | | Version not pinned
openpyxl | * | pip | | Version not pinned

Security highlights

✓ No shell execution or subprocess calls detected
✓ No credential harvesting or environment variable scanning
✓ No obfuscation techniques (base64, eval, encoded strings)
✓ No data exfiltration or C2 communication
✓ Network access limited to a single legitimate Chinese website (caifuzhongwen.com)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Code is readable and straightforward - simple HTML parsing to Excel export
✓ Documentation accurately reflects code functionality
✓ MIT license provided