Scan Report
0/100
OpenList Automation
AI Agent skill for managing OpenList file server operations (move, rename, delete, offline downloads) via HTTP API with two-step confirm workflow
OpenList automation skill with well-defined, documented HTTP API interactions using only Python standard library; no shell execution, no credential exfiltration, no obfuscation, and comprehensive plan-apply guardrails.
Safe to install
This skill is safe to use. No changes required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | load_dotenv_values() reads .env; audit_path used for JSONL write; plan files rea… |
| Network | READ | READ | ✓ Aligned | urllib_request.Request only calls configured OPENLIST_BASE_URL; only whitelisted… |
| Shell | NONE | NONE | — | No subprocess, os.system, or exec* calls found |
| Environment | READ | READ | ✓ Aligned | build_effective_env() reads os.environ for config only; no iteration for credent… |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
2 files · 60.6 KB · 1624 lines
Python 1f · 1400L
Markdown 1f · 224L
├─ scripts
│  └─ openlist.py (Python)
└─ SKILL.md (Markdown)
Security Positives
✓ No shell execution (subprocess, os.system, exec) — all operations are Python standard library only
✓ No credential exfiltration — OPENLIST_TOKEN is used only as Bearer token header, never transmitted elsewhere
✓ No obfuscation — no base64, atob, eval, or encoded strings
✓ Audit log sanitization — sensitive fields (token, authorization, password, secret) are redacted before writing
✓ Plan-apply two-step pattern enforces user confirmation before destructive actions
✓ Endpoint allowlist restricts apply to only 4 safe endpoints: /api/fs/move, /api/fs/rename, /api/fs/remove, /api/fs/add_offline_download
✓ Plan schema validation with scan_for_dangerous_signals() blocks overwrite=true, unauthorized endpoints, and dangerous delete fields
✓ Path normalization prevents traversal attacks (blocks '..', requires leading '/')
✓ TLS verification configurable but defaults to true
✓ No third-party dependencies — pure Python stdlib (urllib, json, pathlib, ssl)
✓ Code and documentation are fully aligned — no hidden functionality
✓ Delete operations are single-path only, no root deletion, and re-validate type before apply