Scan Report
5/100
NPM Package Scanner
Scan npm packages for risk, maintenance health, and upgrade concerns
The NPM Package Scanner is a legitimate security analysis tool that inspects npm dependencies for risks without any malicious behavior.
Safe to install
No action needed. This skill is safe to use as documented.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | Uses 'cat' and 'rg --files' to read manifests only |
| Command execution | WRITE | READ | ✓ Consistent | Runs audit/read-only commands (npm ls, npm audit, bun audit) |
| Network access | NONE | NONE | — | No network requests made |
Directory Structure
1 file · 2.6 KB · 121 lines · Markdown (1 file, 121 lines)
└─ SKILL.md (Markdown)
Security Highlights
✓ All tools explicitly declared in metadata.requires.bins
✓ No filesystem write operations performed
✓ No sensitive paths accessed (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ No remote script execution (curl|bash, wget|sh)
✓ No obfuscated or base64-encoded code
✓ Clear constraints: read-only analysis, no modifications
✓ Follows security tool legitimate-use patterns