中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
command-guardian
Preflight safety guard for shell and infrastructure commands
Command Guardian is a legitimate preflight safety analyzer for shell commands. It performs read-only risk analysis and does not execute analyzed commands or exhibit any malicious behavior.
Skill Namecommand-guardian
Duration41.0s
Enginepi
Safe to install
This skill is safe for use. The dangerous shell patterns (curl|sh, wget|bash) referenced in documentation are documented as dangerous patterns TO FLAG, not patterns the skill performs itself.
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned agents/openai.yaml declares filesystem:READ
Shell WRITE WRITE ✓ Aligned guardlib.py:294-297 uses subprocess for git commands only
Environment NONE READ ✓ Aligned guardlib.py:76 uses os.path.expandenv() for path resolution only
Network NONE NONE No network calls found
Skill Invoke NONE NONE No skill invocation found
Clipboard NONE NONE No clipboard access found
Browser NONE NONE No browser access found
Database NONE NONE No database access found
2 Critical 2 findings
💀
Critical Dangerous Command 危险 Shell 命令
curl | sh
SKILL.md:54
💀
Critical Dangerous Command 危险 Shell 命令
wget | bash
references/tool-patterns.md:30

File Tree

11 files · 45.5 KB · 1208 lines
Python 7f · 1007L Markdown 3f · 193L YAML 1f · 8L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 8L · 300 B
├─ 📁 references
│ ├─ 📝 risk-rules.md Markdown 41L · 1.3 KB
│ └─ 📝 tool-patterns.md Markdown 42L · 1.4 KB
├─ 📁 scripts
│ ├─ 🐍 classify_command.py Python 15L · 307 B
│ ├─ 🐍 guardlib.py Python 824L · 31.8 KB
│ ├─ 🐍 path_guard.py Python 17L · 466 B
│ ├─ 🐍 preflight.py Python 60L · 1.9 KB
│ ├─ 🐍 rollback_hints.py Python 15L · 317 B
│ └─ 🔑 secret_guard.py Python 15L · 315 B
├─ 📁 tests
│ └─ 🐍 test_powershell_risk.py Python 61L · 3.0 KB
└─ 📝 SKILL.md Markdown 110L · 4.4 KB

Security Positives

✓ Skill performs read-only command analysis without executing analyzed commands
✓ Subprocess usage limited to git context (git rev-parse, git status) - legitimate for security tooling
✓ No credential harvesting or exfiltration - only detects inline secrets to warn about them
✓ No network requests or data exfiltration channels
✓ No obfuscation techniques (no base64, no eval, no atob)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No persistence mechanisms (no cron, no startup hooks, no backdoors)
✓ Capabilities properly declared in agents/openai.yaml
✓ Comprehensive test suite validates expected security behaviors
✓ Dangerous patterns (curl|sh, wget|bash) are documented AS PATTERNS TO FLAG, not as behaviors exhibited