中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
meeting-secretary
专业的会议秘书技能,用于分析会议转录文本并生成结构化会议纪要
Meeting secretary skill for transcript analysis with no security issues found. The single Python script uses only standard library, performs documented file operations, and has no network access or credential handling.
技能名称meeting-secretary
分析耗时33.0s
引擎pi
可以安装
This skill is safe to use. No action required.

安全发现 1 项

严重性 安全发现 位置
提示
Reference to non-existent scripts
best_practices.md references transcribe_audio.py and process_video.py which don't exist in the package. These are aspirational features not yet implemented.
python scripts/transcribe_audio.py meeting_audio.m4a
→ Remove references to unimplemented scripts or implement them if needed
 references/best_practices.md:12
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md:reads user-provided transcripts; split_long_transcript.py:15-35 reads i…
文件系统 WRITE WRITE ✓ 一致 SKILL.md:documents output to segments/ directory; split_long_transcript.py:200-2…
网络访问 NONE NONE No socket, urllib, requests imports in script
命令执行 NONE NONE No subprocess, os.system, or shell command execution
环境变量 NONE NONE No os.environ access or credential enumeration
数据库 NONE NONE No database imports or operations
5 项发现
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/OpenClaw-Skill-blue
README.md:7
🔗
中危 外部 URL 外部 URL
https://openclaw.ai
README.md:7
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/license-MIT-green
README.md:8
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/python-3.8+-blue
README.md:9
🔗
中危 外部 URL 外部 URL
https://www.python.org
README.md:9

目录结构

4 文件 · 36.4 KB · 1347 行
Markdown 3f · 1071L Python 1f · 276L
├─ 📁 references
│ └─ 📝 best_practices.md Markdown 307L · 7.6 KB
├─ 📁 scripts
│ └─ 🐍 split_long_transcript.py Python 276L · 7.8 KB
├─ 📝 README.md Markdown 298L · 6.8 KB
└─ 📝 SKILL.md Markdown 466L · 14.2 KB

安全亮点

✓ Uses only Python standard library - no external dependencies
✓ File operations are parameterized and controlled (input file, output directory)
✓ Error handling present for file operations (try-except blocks)
✓ No network requests or external communications
✓ No credential harvesting or sensitive path access
✓ No base64, eval(), exec(), or other dynamic code execution
✓ No curl|bash or wget|sh remote execution patterns
✓ All functionality is clearly documented in SKILL.md