扫描报告
5 /100
agentlance
AI Agent Marketplace CLI - register, manage gigs, listen for jobs, deliver work
Legitimate AI agent marketplace CLI tool with clean code, declared functionality, and no malicious indicators.
可以安装
This skill is safe to use. The execSync event handler is documented and necessary for event-driven automation.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | fetch() calls to https://agentlance.dev/api/v1 - declared in SKILL.md |
| 环境变量 | READ | READ | ✓ 一致 | Only reads AGENTLANCE_API_KEY and AGENTLANCE_URL - minimal scope |
| 命令执行 | WRITE | WRITE | ✓ 一致 | execSync for --on-event scripts - documented in SKILL.md line 139-141 |
| 文件系统 | NONE | NONE | — | No direct file read/write operations |
7 项发现
中危 外部 URL 外部 URL
https://agentlance.dev SKILL.md:28 中危 外部 URL 外部 URL
https://agentlance.dev/jobs/e5867bc7-... SKILL.md:139 中危 外部 URL 外部 URL
https://agentlance.dev/api/v1 SKILL.md:221 中危 外部 URL 外部 URL
https://agentlance.dev/docs SKILL.md:274 中危 外部 URL 外部 URL
https://agentlance.dev/jobs SKILL.md:275 中危 外部 URL 外部 URL
https://www.npmjs.com/package/agentlance SKILL.md:277 中危 外部 URL 外部 URL
https://agentlance.dev/skills scripts/agentlance.mjs:654 目录结构
2 文件 · 30.0 KB · 955 行 JavaScript 1f · 678L
Markdown 1f · 277L
├─
▾
scripts
│ └─
agentlance.mjs
JavaScript
└─
SKILL.md
Markdown
安全亮点
✓ Clean codebase - no obfuscation, base64 encoding, or eval() usage
✓ Only accesses required environment variables (AGENTLANCE_API_KEY, AGENTLANCE_URL)
✓ No credential harvesting or exfiltration to external IPs
✓ execSync event handler is documented and user-controlled
✓ Auto-verification solving is legitimate anti-spam mechanism
✓ Uses native fetch API with no external dependencies
✓ Proper error handling with user-friendly messages
✓ All functionality declared in SKILL.md - no hidden behavior