Scan Report
5/100
NPM Package Scanner
Scan npm packages for risk, maintenance health, and upgrade concerns
The NPM Package Scanner is a legitimate security analysis tool that inspects npm dependencies for risks without any malicious behavior.
Safe to install
No action needed. This skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Uses 'cat' and 'rg --files' to read manifests only |
| Shell | WRITE | READ | ✓ Aligned | Runs audit/read-only commands (npm ls, npm audit, bun audit) |
| Network | NONE | NONE | — | No network requests made |
File Tree
1 file · 2.6 KB · 121 lines (Markdown)
└─ SKILL.md (Markdown, 121 lines)
Security Positives
✓ All tools explicitly declared in metadata.requires.bins
✓ No filesystem write operations performed
✓ No sensitive paths accessed (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ No remote script execution (curl|bash, wget|sh)
✓ No obfuscated or base64-encoded code
✓ Clear constraints: read-only analysis, no modifications
✓ Follows security tool legitimate-use patterns