扫描报告
0 /100
node-auto-debugger
Scan Node.js/Express/Next.js projects for bugs, security issues, and anti-patterns
Legitimate Node.js security auditing tool with no malicious behavior detected — all declared capabilities match implementation, no data exfiltration, and shell execution is limited to documented npm build verification.
可以安装
Skill is safe for use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | Scripts reads source files for analysis (line 1-200) |
| 文件系统 | WRITE | WRITE | ✓ 一致 | Writes AUTO-DEBUG-REPORT.md to project directory (line 310) |
| 命令执行 | WRITE | WRITE | ✓ 一致 | Uses spawnSync('npm', ['run', 'build']) only with --build flag (line 220) |
| 网络访问 | NONE | NONE | — | No network requests found |
| 环境变量 | NONE | READ | ✓ 一致 | Reads process.env only in target code being analyzed, not exfiltrated |
目录结构
2 文件 · 16.8 KB · 415 行 JavaScript 1f · 335L
Markdown 1f · 80L
├─
▾
scripts
│ └─
auto-debug.js
JavaScript
└─
SKILL.md
Markdown
安全亮点
✓ All functionality declared in SKILL.md matches actual implementation
✓ No data exfiltration or credential theft — hardcoded secrets are reported locally only
✓ Shell execution (npm build) is opt-in via --build flag and explicitly documented
✓ Uses only Node.js built-in modules (fs, path, child_process) — no external dependencies
✓ Code is clear, readable, and auditable with no obfuscation
✓ No hidden behavior, reverse shells, or C2 communication
✓ Report output is written locally to project directory, not transmitted externally