Scan Report
5 /100
meeting-minutes
会议纪要融合生成器 v2.0 — 从钉钉和/或得到(Get笔记)的会议纪要PDF中提取内容,自动校准ASR错别字,融合双源优势生成审美在线的10区块会议纪要HTML+PDF
Clean meeting minutes generation skill with no malicious indicators; all capabilities are declared, scoped, and appropriate for its stated purpose.
Safe to install
No action needed. The skill is safe to use as designed.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md Step 2 + Step 5 (read PDFs, read template.html) |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md Step 5 outputs HTML to user working directory |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md Step 6: python3 export_pdf.py; scripts/export_pdf.py:1-80 |
| Network | NONE | READ | ✓ Aligned | SKILL.md Step 6: installs playwright/weasyprint (standard PDF tools) |
| Environment | NONE | NONE | — | No os.environ iteration found |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | Playwright used only for local file:// PDF rendering, not browsing |
| Database | NONE | NONE | — | No database access found |
File Tree
4 files · 66.0 KB · 1891 lines HTML 1f · 1634L
Markdown 1f · 155L
Python 1f · 80L
JSON 1f · 22L
├─
▾
assets
│ ├─
template.html
HTML
│ └─
term_corrections.json
JSON
├─
▾
scripts
│ └─
export_pdf.py
Python
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
playwright | * | pip | No | Version not pinned; standard PDF export tool, appropriate for this skill |
weasyprint | * | pip | No | Version not pinned; fallback PDF export tool, appropriate for this skill |
Security Positives
✓ Zero obfuscation patterns: no base64, eval(), atob(), or encoded payloads anywhere in the codebase
✓ All shell execution (python3) is explicitly declared in SKILL.md Step 6 and is necessary for PDF export
✓ All file operations are scoped to skill directory and user-provided files — no traversal outside
✓ No credential harvesting: no iteration over os.environ for sensitive keys
✓ No sensitive path access: no reads of ~/.ssh, ~/.aws, .env, or similar credential locations
✓ No remote code execution: no curl|bash, wget|sh, or direct IP network requests
✓ No data exfiltration: no POST requests, no external IP communication for data theft
✓ No hidden instructions: no suspicious HTML comments, no jailbreak prompts
✓ Clean Python script: export_pdf.py uses only standard library (sys, os) + two known PDF libraries
✓ Appropriate dependency choice: playwright and weasyprint are standard, well-maintained PDF tools
✓ Pure HTML template with no executable or dynamic content