中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:18 hr ago Rescan
0 /100
streaming-obs-bootstrap
Rebuild and validate a reusable OBS streaming scene pack via agentic-obs and mcporter
This is a straightforward OBS streaming scene bootstrapper composed entirely of shell-script wrappers around the mcporter CLI tool. No malicious patterns, obfuscation, credential access, or hidden functionality were found.
Skill Namestreaming-obs-bootstrap
Duration31.3s
Enginepi
Safe to install
No action required. The skill is safe to use as documented.
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md declares Read; scripts only read workspace overlays
Network READ READ ✓ Aligned HTTP server on :8787 is declared in SKILL.md workflow step 2
Shell WRITE WRITE ✓ Aligned All 7 scripts use shell:WRITE to call mcporter CLI — all documented in SKILL.md …
Environment NONE NONE No env iteration; only reads OBS_AUDIO_INPUTS, OPENCLAW_WORKSPACE, AGENTIC_OBS_D…
Skill Invoke NONE NONE No inter-skill invocations
Clipboard NONE NONE No clipboard access
Browser NONE NONE OBS browser-source URLs are created via mcporter, not accessed directly
Database NONE WRITE ✓ Aligned obs_target_switch.sh:4 uses sqlite3 to write $HOME/.agentic-obs/db.sqlite — file…
4 findings
🔗
Medium External URL 外部 URL
http://127.0.0.1:8765/screenshot/stream_monitor
assets/overlays/control-panel.html:127
🔗
Medium External URL 外部 URL
http://www.w3.org/2000/svg%22
assets/overlays/control-panel.html:129
🔗
Medium External URL 外部 URL
http://127.0.0.1:8787/streaming/overlays/intro.html
references/networking.md:13
🔗
Medium External URL 外部 URL
http://$IP:8787
scripts/rebuild_scenes.sh:5

File Tree

24 files · 36.7 KB · 1278 lines
HTML 11f · 976L Markdown 6f · 168L Shell 7f · 134L
├─ 📁 assets
│ ├─ 📁 overlays
│ │ ├─ 📄 analytics.html HTML 90L · 2.1 KB
│ │ ├─ 📄 brb.html HTML 40L · 838 B
│ │ ├─ 📄 chat.html HTML 95L · 2.2 KB
│ │ ├─ 📄 control-panel.html HTML 186L · 5.8 KB
│ │ ├─ 📄 intro.html HTML 59L · 1.7 KB
│ │ ├─ 📄 live_dashboard.html HTML 80L · 1.9 KB
│ │ ├─ 📄 live-dashboard.html HTML 134L · 3.5 KB
│ │ ├─ 📄 outro.html HTML 57L · 1.5 KB
│ │ ├─ 📄 presentation.html HTML 50L · 1.0 KB
│ │ └─ 📄 work_status.html HTML 53L · 1.1 KB
│ └─ 📄 civic-nexus-demo.html HTML 132L · 3.7 KB
├─ 📁 references
│ ├─ 📝 networking.md Markdown 22L · 648 B
│ ├─ 📝 scene-map.md Markdown 21L · 837 B
│ ├─ 📝 troubleshooting.md Markdown 27L · 786 B
│ └─ 📝 v0.2-features.md Markdown 23L · 762 B
├─ 📁 scripts
│ ├─ 🔧 apply_audio_baseline.sh Shell 25L · 847 B
│ ├─ 🔧 apply_transition_preset.sh Shell 10L · 332 B
│ ├─ 🔧 obs_target_switch.sh Shell 12L · 417 B
│ ├─ 🔧 rebuild_scenes.sh Shell 32L · 2.5 KB
│ ├─ 🔧 smoke_test_walkthrough.sh Shell 18L · 499 B
│ ├─ 🔧 start_overlay_server.sh Shell 19L · 552 B
│ └─ 🔧 stream_dry_run.sh Shell 18L · 708 B
├─ 📝 PUBLISH.md Markdown 9L · 370 B
└─ 📝 SKILL.md Markdown 66L · 2.2 KB

Security Positives

✓ All 7 shell scripts are thin wrappers around mcporter CLI calls — no raw Python/JS/Ruby execution
✓ No base64, eval(), or atob() patterns anywhere in the codebase
✓ No credential harvesting — scripts only touch OBS-related config in ~/.agentic-obs/db.sqlite
✓ No curl|bash or wget|sh remote script downloads
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No obfuscation, dead code, or hidden instructions in HTML comments
✓ No inter-skill invocations or clipboard access
✓ HTML overlays are static display files with no exfiltration logic
✓ Dependencies: No requirements.txt, package.json, or Cargo.toml — skill uses only system tools (mcporter, sqlite3, python3 http.server)