Scan Report
22 /100
api-health-check
Check the health and status of popular AI APIs and services
The skill performs legitimate API health checks with network access properly declared, though SSL certificate verification is disabled without documentation.
Safe to install
Document the SSL verification bypass and consider re-enabling certificate verification if sensitive credentials are ever added.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | SSL certificate verification bypass not documented Doc Mismatch | scripts/check_apis.py:17 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md declares API endpoint checking; check_apis.py makes HEAD requests to pu… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares python scripts/check_apis.py execution |
| Filesystem | NONE | NONE | — | No file operations beyond script execution |
| Environment | NONE | NONE | — | No environment variable access |
5 findings
Medium External URL 外部 URL
https://image.pollinations.ai/models scripts/check_apis.py:14 Medium External URL 外部 URL
https://text.pollinations.ai/models scripts/check_apis.py:15 Medium External URL 外部 URL
https://openrouter.ai/api/v1/models scripts/check_apis.py:16 Medium External URL 外部 URL
https://api.stability.ai/v1/user/account scripts/check_apis.py:17 Medium External URL 外部 URL
https://api.groq.com/openai/v1/models scripts/check_apis.py:18 File Tree
2 files · 3.6 KB · 124 lines Python 1f · 74L
Markdown 1f · 50L
├─
▾
scripts
│ └─
check_apis.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ Network access is properly declared in SKILL.md
✓ No credential harvesting or sensitive data access
✓ No data exfiltration to external servers
✓ No obfuscation or encoded commands
✓ Script purpose clearly matches documentation
✓ No subprocess beyond declared shell execution
✓ Only HEAD requests made (no data transmission)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)