siyuan-article-import
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes subprocess.run to call internal Python helper scripts (e.g., scripts/upload_image.py) to process images. This is used to manage file transfers and avoid character encoding issues on certain operating systems.- [EXTERNAL_DOWNLOADS]: The skill fetches article content and images from external web sources, including WeChat (mp.weixin.qq.com), Zhihu, and other user-provided URLs, which is required for its article-importing functionality.- [CREDENTIALS_UNSAFE]: The skill manages authentication via a local configuration file (siyuan.json) that stores API tokens and WebDAV credentials. It does not contain hardcoded secrets and correctly uses this configuration for authenticating with the user's SiYuan Note instance.
Audit Metadata