Scan Report
5 /100
create-aptos-project
Scaffolds new Aptos projects using npx create-aptos-dapp
This is a legitimate project scaffolding skill for Aptos that uses standard CLI tools (npx, git, npm) without any malicious behavior.
Safe to install
No action required. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | npx create-aptos-dapp, git, npm run commands |
| Filesystem | READ | READ | ✓ Aligned | Reads .gitignore to verify .env protection |
| Network | READ | READ | ✓ Aligned | npx downloads from npm registry only |
| Environment | NONE | NONE | — | No environment variable access beyond project creation |
1 findings
Medium External URL 外部 URL
https://geomi.dev SKILL.md:74 File Tree
1 files · 6.1 KB · 172 lines Markdown 1f · 172L
└─
SKILL.md
Markdown
Security Positives
✓ Explicitly warns NOT to display or read private keys (uses placeholder 0x...)
✓ Requires verification that .env is in .gitignore before git operations
✓ No arbitrary code execution - only scaffolding commands
✓ Uses only official, documented tools (npx, git, npm, aptos CLI)
✓ API key is optional and user-provided
✓ All behavior is fully declared in SKILL.md