Scan report
5/100
quotedance-rss-digest
RSS news feed aggregation skill - Aggregates user's RSS feed subscriptions into a Markdown digest
RSS aggregation skill that legitimately fetches and caches feeds from user subscriptions without any malicious activity.
OK to install
No action needed. The skill operates as documented with standard RSS feed fetching, local caching, and Markdown output.
Security findings: 1
| Severity | Finding | Location |
|---|---|---|
| Low | API key field declared but empty | config.json:3 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | Reads config.json, writes cache files to memory/ directory |
| Network access | READ | READ | ✓ Consistent | Fetches from quotedance-service API and RSS feeds |
| Command execution | NONE | NONE | — | No shell execution found |
| Environment variables | READ | READ | ✓ Consistent | Reads QUTEDANCE_API_KEY from process.env |
| Skill invocation | NONE | NONE | — | No skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser automation found |
| Database | NONE | NONE | — | No database access found |
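
3 findings
| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://quotedance.api.gapgap.cc | SKILL.md:17 |
| Medium | External URL | https://36kr.com/feed | memory/rss-source-cache.json:10 |
| Medium | External URL | https://xueqiu.com/hots/topic/rss | memory/rss-source-cache.json:18 |

Directory structure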
4 files · 22.8 KB · 797 lines
JavaScript 1 file · 577 lines
Markdown 1 file · 149 lines
JSON 2 files · 71 lines
├─ memory
│  └─ rss-source-cache.json (JSON)
├─ scripts
│  └─ rss-digest.js (JavaScript)
├─ config.json ⚠ (JSON)
└─ SKILL.md (Markdown)
Security highlights
✓ No shell execution (no child_process, exec, or spawn calls)
✓ No credential harvesting or data exfiltration
✓ No base64 encoding, obfuscation, or eval statements
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No curl|bash or wget|sh remote script execution
✓ Clear, readable code with proper error handling
✓ Local caching is scoped to skill directory only
✓ Code matches documentation in SKILL.md