扫描报告
5 /100
meeting-minutes
会议纪要融合生成器 v2.0 — 从钉钉和/或得到(Get笔记)的会议纪要PDF中提取内容,自动校准ASR错别字,融合双源优势生成审美在线的10区块会议纪要HTML+PDF
Clean meeting minutes generation skill with no malicious indicators; all capabilities are declared, scoped, and appropriate for its stated purpose.
可以安装
No action needed. The skill is safe to use as designed.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md Step 2 + Step 5 (read PDFs, read template.html) |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md Step 5 outputs HTML to user working directory |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md Step 6: python3 export_pdf.py; scripts/export_pdf.py:1-80 |
| 网络访问 | NONE | READ | ✓ 一致 | SKILL.md Step 6: installs playwright/weasyprint (standard PDF tools) |
| 环境变量 | NONE | NONE | — | No os.environ iteration found |
| 技能调用 | NONE | NONE | — | No cross-skill invocation found |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | Playwright used only for local file:// PDF rendering, not browsing |
| 数据库 | NONE | NONE | — | No database access found |
目录结构
4 文件 · 66.0 KB · 1891 行 HTML 1f · 1634L
Markdown 1f · 155L
Python 1f · 80L
JSON 1f · 22L
├─
▾
assets
│ ├─
template.html
HTML
│ └─
term_corrections.json
JSON
├─
▾
scripts
│ └─
export_pdf.py
Python
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
playwright | * | pip | 否 | Version not pinned; standard PDF export tool, appropriate for this skill |
weasyprint | * | pip | 否 | Version not pinned; fallback PDF export tool, appropriate for this skill |
安全亮点
✓ Zero obfuscation patterns: no base64, eval(), atob(), or encoded payloads anywhere in the codebase
✓ All shell execution (python3) is explicitly declared in SKILL.md Step 6 and is necessary for PDF export
✓ All file operations are scoped to skill directory and user-provided files — no traversal outside
✓ No credential harvesting: no iteration over os.environ for sensitive keys
✓ No sensitive path access: no reads of ~/.ssh, ~/.aws, .env, or similar credential locations
✓ No remote code execution: no curl|bash, wget|sh, or direct IP network requests
✓ No data exfiltration: no POST requests, no external IP communication for data theft
✓ No hidden instructions: no suspicious HTML comments, no jailbreak prompts
✓ Clean Python script: export_pdf.py uses only standard library (sys, os) + two known PDF libraries
✓ Appropriate dependency choice: playwright and weasyprint are standard, well-maintained PDF tools
✓ Pure HTML template with no executable or dynamic content