Skills
skills/chldong/kuaipu-skill/kuaipu-skill/Gen Agent Trust Hub

kuaipu-skill

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions in README.md and SKILL.md require users to store sensitive login credentials (kuaipu_user, kuaipu_pass) in a local .env file. Storing credentials in plain text on the file system poses a risk of exposure if the environment is not properly secured.
  • [EXTERNAL_DOWNLOADS]: The skill uses the webdriver-manager package to automatically download Chrome browser drivers from the internet. Additionally, the installation steps in README.md and SKILL.md instruct users to download the ddddocr library, which is used for captcha recognition. These external dependencies involve fetching and executing code from remote sources.
  • [DATA_EXPOSURE]: The script kuaipu_skill.py saves session cookies to tmp/kuaipu_cookies.pkl and takes screenshots of the application pages, storing them in a local tmp directory. While these files are stored locally for automation and debugging, they contain sensitive session information and application data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:41 PM