Scan report
5/100
skill-creator
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
This is a legitimate skill-creation meta-skill providing guidance and utilities for creating AI skills. The scripts perform standard operations (directory creation, YAML validation, zip packaging) using only Python standard library with no security concerns.
Safe to install
Skill is safe to use. Consider adding an `allowed-tools` declaration in SKILL.md frontmatter to document expected filesystem access patterns for the bundled scripts.
Security findings: 1
| Severity | Security finding | Location |
|---|---|---|
| Low | Missing allowed-tools declaration (Documentation deception) | SKILL.md:1 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Consistent | scripts/init_skill.py:96 - mkdir(parents=True) and write_text() |
| Filesystem | NONE | READ | ✓ Consistent | scripts/package_skill.py:28 - rglob('*') for zip creation |
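2 findings
| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | http://www.apache.org/licenses/ | LICENSE.txt:4 |
| Medium | External URL | http://www.apache.org/licenses/LICENSE-2.0 | LICENSE.txt:196 |

Directory structure
8 files · 48.5 KB · 1178 lines
Python: 3 files · 507 lines
Markdown: 3 files · 465 lines
Text: 1 file · 201 lines
JSON: 1 file · 5 lines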
├─ references/
│  ├─ output-patterns.md (Markdown)
│  └─ workflows.md (Markdown)
├─ scripts/
│  ├─ init_skill.py (Python)
│  ├─ package_skill.py (Python)
│  └─ quick_validate.py (Python)
├─ _meta.json (JSON)
├─ LICENSE.txt (Text)
└─ SKILL.md (Markdown)
Security highlights
✓ Uses only Python standard library (no external dependencies)
✓ No credential theft, API key harvesting, or environment variable access
✓ No base64 encoding, obfuscation, or eval() patterns
✓ No network requests or data exfiltration
✓ No shell execution (subprocess/os.system)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No persistence mechanisms or backdoors
✓ YAML validation uses safe yaml.safe_load()