中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:1 天前 重新扫描
10 /100
lead-gen-website-pipeline
Automated lead generation pipeline that finds local businesses with weak/no websites, AI-generates custom demo sites, deploys to Vercel, and runs a 5-email cold outreach drip sequence via AgentMail.
This is a documentation-only skill describing a legitimate lead generation pipeline. No executable code, scripts, or dependencies are included in the package.
技能名称lead-gen-website-pipeline
分析耗时33.8s
引擎pi
可以安装
Safe to use. The skill is purely instructional and references node scripts that do not exist in this package. If deploying, ensure the referenced node scripts from the GitHub repo are reviewed separately.

安全发现 2 项

严重性 安全发现 位置
低危
Documentation-only package without implementation 文档欺骗
SKILL.md references node scripts (poll-approved-leads.js, run-poller.js, send-outreach.js) and a GitHub repo that contain the actual implementation. This package contains only documentation.
git clone https://github.com/RazzleDazzleI/lead-gen-pipeline.git
→ Code review should target the GitHub repository, not this documentation package.
 SKILL.md:1
提示
Broad API key requirements 权限提升
The skill requires multiple high-value API keys (Google, OpenAI, Anthropic, Vercel, AgentMail). While documented, these represent significant permissions if the referenced node scripts were executed.
ANTHROPIC_API_KEY | Anthropic | Claude for spec generation
→ Ensure API keys have minimal scopes and are not used in environments with broader permissions than necessary.
 SKILL.md:31
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No file read/write operations in package
网络访问 READ READ ✓ 一致 API calls to Google Places, Vercel, AgentMail are documented and declared
命令执行 NONE NONE No shell scripts or node binaries in package
环境变量 WRITE WRITE ✓ 一致 API keys declared in SKILL.md metadata
技能调用 NONE READ ✓ 一致 Standard skill invocation capability
剪贴板 NONE NONE No clipboard access documented
浏览器 NONE NONE No browser automation documented
数据库 NONE READ ✓ 一致 Google Sheets API access declared
3 项发现
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:11434
references/env-example.md:29
📧
提示 邮箱 邮箱地址
[email protected]
references/env-example.md:22
📧
提示 邮箱 邮箱地址
[email protected]
references/env-example.md:25

目录结构

5 文件 · 14.4 KB · 418 行
Markdown 4f · 388L JSON 1f · 30L
├─ 📁 references
│ ├─ 📝 drip-sequence.md Markdown 68L · 2.3 KB
│ ├─ 📝 env-example.md Markdown 32L · 1.0 KB
│ └─ 📝 google-sheet-setup.md Markdown 52L · 1.6 KB
├─ 📋 _meta.json JSON 30L · 809 B
└─ 📝 SKILL.md Markdown 236L · 8.7 KB

安全亮点

✓ No executable code or scripts in the package — purely documentation
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ All API key requirements are explicitly declared in SKILL.md metadata
✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env reads)
✓ No external IP addresses or C2 communication patterns
✓ No credential harvesting beyond what is declared as required for the pipeline
✓ No supply chain concerns since no dependencies are included