中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
command-guardian
Preflight safety guard for shell and infrastructure commands
Command Guardian is a legitimate preflight safety analyzer for shell commands. It performs read-only risk analysis and does not execute analyzed commands or exhibit any malicious behavior.
技能名称command-guardian
分析耗时41.0s
引擎pi
可以安装
This skill is safe for use. The dangerous shell patterns (curl|sh, wget|bash) referenced in documentation are documented as dangerous patterns TO FLAG, not patterns the skill performs itself.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 agents/openai.yaml declares filesystem:READ
命令执行 WRITE WRITE ✓ 一致 guardlib.py:294-297 uses subprocess for git commands only
环境变量 NONE READ ✓ 一致 guardlib.py:76 uses os.path.expandenv() for path resolution only
网络访问 NONE NONE No network calls found
技能调用 NONE NONE No skill invocation found
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE No browser access found
数据库 NONE NONE No database access found
2 严重 2 项发现
💀
严重 危险命令 危险 Shell 命令
curl | sh
SKILL.md:54
💀
严重 危险命令 危险 Shell 命令
wget | bash
references/tool-patterns.md:30

目录结构

11 文件 · 45.5 KB · 1208 行
Python 7f · 1007L Markdown 3f · 193L YAML 1f · 8L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 8L · 300 B
├─ 📁 references
│ ├─ 📝 risk-rules.md Markdown 41L · 1.3 KB
│ └─ 📝 tool-patterns.md Markdown 42L · 1.4 KB
├─ 📁 scripts
│ ├─ 🐍 classify_command.py Python 15L · 307 B
│ ├─ 🐍 guardlib.py Python 824L · 31.8 KB
│ ├─ 🐍 path_guard.py Python 17L · 466 B
│ ├─ 🐍 preflight.py Python 60L · 1.9 KB
│ ├─ 🐍 rollback_hints.py Python 15L · 317 B
│ └─ 🔑 secret_guard.py Python 15L · 315 B
├─ 📁 tests
│ └─ 🐍 test_powershell_risk.py Python 61L · 3.0 KB
└─ 📝 SKILL.md Markdown 110L · 4.4 KB

安全亮点

✓ Skill performs read-only command analysis without executing analyzed commands
✓ Subprocess usage limited to git context (git rev-parse, git status) - legitimate for security tooling
✓ No credential harvesting or exfiltration - only detects inline secrets to warn about them
✓ No network requests or data exfiltration channels
✓ No obfuscation techniques (no base64, no eval, no atob)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No persistence mechanisms (no cron, no startup hooks, no backdoors)
✓ Capabilities properly declared in agents/openai.yaml
✓ Comprehensive test suite validates expected security behaviors
✓ Dangerous patterns (curl|sh, wget|bash) are documented AS PATTERNS TO FLAG, not as behaviors exhibited