扫描报告
22 /100
api-health-check
Check the health and status of popular AI APIs and services
The skill performs legitimate API health checks with network access properly declared, though SSL certificate verification is disabled without documentation.
可以安装
Document the SSL verification bypass and consider re-enabling certificate verification if sensitive credentials are ever added.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | SSL certificate verification bypass not documented 文档欺骗 | scripts/check_apis.py:17 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md declares API endpoint checking; check_apis.py makes HEAD requests to pu… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md declares python scripts/check_apis.py execution |
| 文件系统 | NONE | NONE | — | No file operations beyond script execution |
| 环境变量 | NONE | NONE | — | No environment variable access |
5 项发现
中危 外部 URL 外部 URL
https://image.pollinations.ai/models scripts/check_apis.py:14 中危 外部 URL 外部 URL
https://text.pollinations.ai/models scripts/check_apis.py:15 中危 外部 URL 外部 URL
https://openrouter.ai/api/v1/models scripts/check_apis.py:16 中危 外部 URL 外部 URL
https://api.stability.ai/v1/user/account scripts/check_apis.py:17 中危 外部 URL 外部 URL
https://api.groq.com/openai/v1/models scripts/check_apis.py:18 目录结构
2 文件 · 3.6 KB · 124 行 Python 1f · 74L
Markdown 1f · 50L
├─
▾
scripts
│ └─
check_apis.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ Network access is properly declared in SKILL.md
✓ No credential harvesting or sensitive data access
✓ No data exfiltration to external servers
✓ No obfuscation or encoded commands
✓ Script purpose clearly matches documentation
✓ No subprocess beyond declared shell execution
✓ Only HEAD requests made (no data transmission)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)