Scan Report
0 /100
node-auto-debugger
Scan Node.js/Express/Next.js projects for bugs, security issues, and anti-patterns
Legitimate Node.js security auditing tool with no malicious behavior detected — all declared capabilities match implementation, no data exfiltration, and shell execution is limited to documented npm build verification.
Safe to install
Skill is safe for use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Scripts reads source files for analysis (line 1-200) |
| Filesystem | WRITE | WRITE | ✓ Aligned | Writes AUTO-DEBUG-REPORT.md to project directory (line 310) |
| Shell | WRITE | WRITE | ✓ Aligned | Uses spawnSync('npm', ['run', 'build']) only with --build flag (line 220) |
| Network | NONE | NONE | — | No network requests found |
| Environment | NONE | READ | ✓ Aligned | Reads process.env only in target code being analyzed, not exfiltrated |
File Tree
2 files · 16.8 KB · 415 lines JavaScript 1f · 335L
Markdown 1f · 80L
├─
▾
scripts
│ └─
auto-debug.js
JavaScript
└─
SKILL.md
Markdown
Security Positives
✓ All functionality declared in SKILL.md matches actual implementation
✓ No data exfiltration or credential theft — hardcoded secrets are reported locally only
✓ Shell execution (npm build) is opt-in via --build flag and explicitly documented
✓ Uses only Node.js built-in modules (fs, path, child_process) — no external dependencies
✓ Code is clear, readable, and auditable with no obfuscation
✓ No hidden behavior, reverse shells, or C2 communication
✓ Report output is written locally to project directory, not transmitted externally