Skills
skills/caoliao/deepscan-skills/deepscan-export/Gen Agent Trust Hub

deepscan-export

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the local script scripts/export.py to handle commands for exporting scan data in Excel, CSV, or TXT formats.
  • [EXTERNAL_DOWNLOADS]: Interacts with the CaoLiao API domain data.cli.im using the requests library to initiate data exports. The skill returns file URLs hosted on Aliyun OSS (cli-deepscan-net.oss-cn-hangzhou.aliyuncs.com), which is a well-known cloud storage service.
  • [DATA_EXFILTRATION]: Reads authentication tokens and task metadata from the user's home directory (~/.deepscan/token and ~/.deepscan/config.json). This information is transmitted to the vendor's API to authorize the export request. As the author is identified as 'caoliao' and the target service is CaoLiao (cli.im), this behavior is the primary intended function and does not represent an unauthorized data leak.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 05:47 PM