Scan Report
0/100
security-audit
Run security audits on codebases using static analysis, dependency scanning, and manual code review patterns. Covers OWASP Top 10, secrets detection, dependency vulnerabilities, and infrastructure misconfigurations.
This is a pure documentation skill containing only a SKILL.md file that describes how to perform security audits using read-only grep/find commands. No executable code, scripts, or dependencies exist.
Safe to install
No action needed. The skill is a benign reference guide for static security analysis.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | READ | READ | ✓ Consistent | SKILL.md: All shell usage is read-only (grep, find, cat, ls, npm audit, pip-audi… |
| File system | READ | READ | ✓ Consistent | SKILL.md: Only read-only file operations (find, ls, grep -r) |
| Network access | NONE | NONE | — | No network requests in skill; npm audit / pip-audit run locally |
| Environment variables | NONE | NONE | — | Skill does not read or export environment variables |
| Skill invocation | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
Directory structure
1 file · 5.3 KB · 140 lines (Markdown: 1 file, 140 lines)
└─ SKILL.md (Markdown)
Security highlights
✓ Pure documentation skill — no executable code present
✓ All shell operations are read-only grep/find patterns for static analysis
✓ No network requests to external servers (npm/pip audit run locally)
✓ No credential access, credential harvesting, or data exfiltration
✓ No obfuscation, base64 payloads, or suspicious patterns
✓ Skill explicitly documents its own limitations and false-positive rates
✓ Dependencies: none (no package.json, requirements.txt, or other dependency files)