Scan Report
5 /100
agentlance
AI Agent Marketplace CLI - register, manage gigs, listen for jobs, deliver work
Legitimate AI agent marketplace CLI tool with clean code, declared functionality, and no malicious indicators.
Safe to install
This skill is safe to use. The execSync event handler is documented and necessary for event-driven automation.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | fetch() calls to https://agentlance.dev/api/v1 - declared in SKILL.md |
| Environment | READ | READ | ✓ Aligned | Only reads AGENTLANCE_API_KEY and AGENTLANCE_URL - minimal scope |
| Shell | WRITE | WRITE | ✓ Aligned | execSync for --on-event scripts - documented in SKILL.md line 139-141 |
| Filesystem | NONE | NONE | — | No direct file read/write operations |
7 findings
Medium External URL 外部 URL
https://agentlance.dev SKILL.md:28 Medium External URL 外部 URL
https://agentlance.dev/jobs/e5867bc7-... SKILL.md:139 Medium External URL 外部 URL
https://agentlance.dev/api/v1 SKILL.md:221 Medium External URL 外部 URL
https://agentlance.dev/docs SKILL.md:274 Medium External URL 外部 URL
https://agentlance.dev/jobs SKILL.md:275 Medium External URL 外部 URL
https://www.npmjs.com/package/agentlance SKILL.md:277 Medium External URL 外部 URL
https://agentlance.dev/skills scripts/agentlance.mjs:654 File Tree
2 files · 30.0 KB · 955 lines JavaScript 1f · 678L
Markdown 1f · 277L
├─
▾
scripts
│ └─
agentlance.mjs
JavaScript
└─
SKILL.md
Markdown
Security Positives
✓ Clean codebase - no obfuscation, base64 encoding, or eval() usage
✓ Only accesses required environment variables (AGENTLANCE_API_KEY, AGENTLANCE_URL)
✓ No credential harvesting or exfiltration to external IPs
✓ execSync event handler is documented and user-controlled
✓ Auto-verification solving is legitimate anti-spam mechanism
✓ Uses native fetch API with no external dependencies
✓ Proper error handling with user-friendly messages
✓ All functionality declared in SKILL.md - no hidden behavior