中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 12/100
Last scan:18 hr ago Rescan
12 /100
smart-coding-assistant
智能多模型编程助手,根据任务类型自动选择最优代码大模型。支持代码生成、审查、调试、重构、测试等场景。
A legitimate multi-model coding assistant skill that routes tasks to different LLM APIs. No malicious behavior observed — subprocess is imported but never invoked, API keys are accessed only from environment variables as declared, and all network I/O is limited to model API calls.
Skill Namesmart-coding-assistant
Duration41.3s
Enginepi
Safe to install
Remove the unused `import subprocess` from coding_assistant.py to eliminate the false signal. Otherwise the skill is safe to use as documented.

Findings 3 items

Severity Finding Location
Low
Unused subprocess import creates misleading signal Doc Mismatch
coding_assistant.py imports `subprocess` on line 13 but the module is never invoked anywhere in the codebase. This dead import may trigger security scanners or cause false positive alerts about shell execution capabilities.
import subprocess
→ Remove the unused `import subprocess` line to eliminate the false positive signal. If shell execution is planned for a future feature, it should be declared in SKILL.md.
 scripts/coding_assistant.py:13
Low
Config file read not declared in SKILL.md Sensitive Access
coding_assistant.py reads ~/.smart_coding_config.json for configuration but this filesystem:READ operation is not mentioned in SKILL.md's capability documentation. This is a minor doc-to-code mismatch for a standard config file.
config_path = Path.home() / ".smart_coding_config.json"
→ Add filesystem:READ to the declared permissions in SKILL.md, noting that only the user's local config file is accessed for reading.
 scripts/coding_assistant.py:22
Info
Placeholder API key patterns flagged in DELIVERY.md Doc Mismatch
DELIVERY.md lines 207-208 contain example patterns API_KEY="your-bailian-key" and API_KEY="your-deepseek-key". These are clearly placeholder strings, not real credentials. Pre-scan flagged these as high-risk IOCs but they pose no actual threat.
export QWEN_API_KEY="your-bailian-key"
→ No action needed — these are example placeholders. Consider adding a comment like '# REPLACE WITH YOUR ACTUAL KEY' to avoid future scanner confusion.
 DELIVERY.md:207
ResourceDeclaredInferredStatusEvidence
Environment READ READ ✓ Aligned coding_assistant.py:58-67 reads QWEN_API_KEY, DEEPSEEK_API_KEY, GLM_API_KEY
Network READ READ ✓ Aligned coding_assistant.py:50-100 makes model API calls (mocked)
Filesystem NONE READ ✓ Aligned coding_assistant.py:22-26 reads ~/.smart_coding_config.json — not declared in SK…
Shell NONE NONE subprocess is imported (coding_assistant.py:13) but never called — no shell exec…
Skill Invoke NONE NONE No cross-skill invocation found
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser access
Database NONE NONE No database access
2 High 2 findings
🔑
High API Key 疑似硬编码凭证
API_KEY="your-bailian-key"
DELIVERY.md:207
🔑
High API Key 疑似硬编码凭证
API_KEY="your-deepseek-key"
DELIVERY.md:208

File Tree

10 files · 74.0 KB · 2818 lines
Markdown 6f · 1906L Python 3f · 885L JSON 1f · 27L
├─ 📁 references
│ ├─ 📝 best-practices.md Markdown 468L · 10.0 KB
│ ├─ 📝 model-profiles.md Markdown 314L · 7.7 KB
│ └─ 📝 task-taxonomy.md Markdown 302L · 9.6 KB
├─ 📁 scripts
│ ├─ 🐍 coding_assistant.py Python 386L · 11.0 KB
│ ├─ 🐍 example_usage.py Python 180L · 5.6 KB
│ └─ 🐍 model_router.py Python 319L · 10.2 KB
├─ 📝 DELIVERY.md Markdown 320L · 7.3 KB
├─ 📝 README.md Markdown 297L · 6.5 KB
├─ 📋 skill.json JSON 27L · 695 B
└─ 📝 SKILL.md Markdown 205L · 5.5 KB

Security Positives

✓ All API key access is through os.environ.get() — no hardcoded keys in code
✓ No base64-encoded execution, no eval(), no obfuscated payloads
✓ No curl|bash or wget|sh remote script execution
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No data exfiltration — network calls are limited to model API endpoints
✓ No credential harvesting — only reads its own declared environment variables (API keys)
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)
✓ No prompt injection detected in documentation or code
✓ No dependencies on untrusted external resources — all reference files are local markdown