douban-skill

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/douban-frodo-export.py contains a hardcoded API_KEY and HMAC_SECRET. These are used to authenticate requests to the Frodo API. Although the skill documentation identifies them as public mobile app credentials, hardcoding secrets is a security risk.
  • [DATA_EXFILTRATION]: The Python script scripts/douban-frodo-export.py makes network requests to frodo.douban.com and www.douban.com using urllib.request. These domains are not on the standard whitelist, although they are necessary for the skill's intended functionality.
  • [DATA_EXFILTRATION]: The Node.js script scripts/douban-rss-sync.mjs performs network operations to fetch user RSS feeds from www.douban.com, representing data movement from an external service to the local environment.
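A static check for the two classes of finding listed above, added here as an example; it is not code from douban-skill or from the Trust Hub auditor. It scans script text for secret-named identifiers assigned a quoted literal (the hardcoded API_KEY / HMAC_SECRET pattern) and lists outbound hosts that are not on an allowlist (the non-whitelisted frodo.douban.com / www.douban.com pattern). The sample scripts, their placeholder secret values, the URL paths and the allowlist contents are all constructed for this example; the audited scripts are not reproduced, and the audit's "standard whitelist" is not published on this page.

```python
"""Static check for the two finding classes in the audit above.

Added example, not code from douban-skill or from the Trust Hub auditor.
The sample scripts, placeholder secret values, URL paths and the allowlist
are constructed for this example; the real scripts are not reproduced.
"""
import re
from dataclasses import dataclass, field

# Identifier containing KEY/SECRET/TOKEN/PASSWORD (case-sensitive, as in the
# audited script's API_KEY / HMAC_SECRET) assigned a quoted literal of 8+
# characters. Covers Python assignments and JS const/let/var declarations.
SECRET_ASSIGN = re.compile(
    r"\b(?:const|let|var)?\s*"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Za-z0-9_]*)"
    r"\s*=\s*(?P<q>['\"])(?P<value>[^'\"\n]{8,})(?P=q)"
)

# Hostname of any http(s) URL literal in the source.
URL_HOST = re.compile(r"https?://(?P<host>[A-Za-z0-9.-]+)")

# Hypothetical allowlist; the audit's "standard whitelist" is not published here.
ALLOWLIST = ("github.com", "pypi.org")


@dataclass
class Finding:
    path: str
    hardcoded: list = field(default_factory=list)       # (name, masked value)
    external_hosts: list = field(default_factory=list)  # hosts off the allowlist


def mask(value: str) -> str:
    """Keep a short prefix so the finding is traceable without leaking the value."""
    return value[:4] + "..." + "*" * 4


def host_allowed(host: str, allowlist) -> bool:
    """Exact match or subdomain of an allowlisted host."""
    return any(host == a or host.endswith("." + a) for a in allowlist)


def scan_script(path: str, text: str, allowlist=ALLOWLIST) -> Finding:
    """Return hardcoded secret assignments and off-allowlist hosts in one script."""
    finding = Finding(path)
    for m in SECRET_ASSIGN.finditer(text):
        finding.hardcoded.append((m.group("name"), mask(m.group("value"))))
    seen = set()
    for m in URL_HOST.finditer(text):
        host = m.group("host").lower()
        if host not in seen and not host_allowed(host, allowlist):
            seen.add(host)
            finding.external_hosts.append(host)
    return finding


def audit(scripts, allowlist=ALLOWLIST):
    """Scan (path, text) pairs and keep only scripts that produced findings."""
    return [
        f for path, text in scripts
        if (f := scan_script(path, text, allowlist)).hardcoded or f.external_hosts
    ]


# Constructed stand-ins, not the audited files; values and paths are placeholders.
SAMPLE_PY = '''
import urllib.request
API_KEY = "placeholder-api-key-000000"        # hypothetical value
HMAC_SECRET = "placeholder-hmac-secret-000"   # hypothetical value
resp = urllib.request.urlopen("https://frodo.douban.com/placeholder")
'''

SAMPLE_MJS = '''
const res = await fetch("https://www.douban.com/placeholder-feed");
'''


if __name__ == "__main__":
    for f in audit([("scripts/douban-frodo-export.py", SAMPLE_PY),
                    ("scripts/douban-rss-sync.mjs", SAMPLE_MJS)]):
        for name, val in f.hardcoded:
            print(f"[CREDENTIALS_UNSAFE] {f.path}: {name} = {val}")
        for host in f.external_hosts:
            print(f"[DATA_EXFILTRATION] {f.path}: request to {host}")
```

The secret pattern is a heuristic keyed on identifier names, which is exactly what catches the "public mobile app credentials" case: the check does not try to judge whether a literal is sensitive, it flags that a credential-shaped value is baked into the source at all. The host check reports destinations rather than blocking them, matching the audit's own caveat that these domains are required for the skill to work; the decision to accept them belongs to whoever reviews the report.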
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 08:03 PM