Scan Report
5 /100
anatomy-quiz-master
Interactive anatomy quiz generator for medical education with multiple question types, difficulty levels, and anatomical regions
Anatomy education tool with straightforward quiz generation functionality; no malicious patterns detected. The declared Bash tool is unused in the actual implementation, but presents no risk as the script uses only standard library.
Safe to install
Skill is safe for use. The broad allowed-tools declaration (Bash, Write) exceeds actual needs but poses no security threat given the benign code.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/main.py:216 - writes to user-specified output file |
| Shell | WRITE | NONE | ✓ Aligned | scripts/main.py - no subprocess, os.system, or shell commands found |
| Network | NONE | NONE | — | No network requests in code |
| Environment | NONE | NONE | — | No os.environ access |
File Tree
4 files · 26.2 KB · 793 lines Markdown 2f · 535L
Python 1f · 255L
Text 1f · 3L
├─
▾
references
│ └─
guidelines.md
Markdown
├─
▾
scripts
│ └─
main.py
Python
├─
requirements.txt
Text
└─
SKILL.md
Markdown
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
argparse | stdlib | Python | No | Standard library module |
json | stdlib | Python | No | Standard library module |
random | stdlib | Python | No | Standard library module |
Security Positives
✓ Uses only Python standard library (argparse, json, random, pathlib)
✓ No network requests or data exfiltration
✓ No credential harvesting or environment variable access
✓ No subprocess or shell execution despite Bash declaration
✓ No obfuscation or base64-encoded content
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env paths)
✓ No external dependencies beyond standard library
✓ Output restricted to user-specified files only
✓ Clean, readable code with no suspicious patterns