Low risk: risk score 10/100
Last scan: 1 day ago
pdfly-cli
A pure-python CLI application for manipulating PDF files (compress, merge, split, rotate, sign, extract images/text, convert).
This skill consists entirely of documentation for the legitimate pdfly Python CLI tool. No executable code, scripts, or binary artifacts are present. All described functionality is benign PDF manipulation operations.
Skill name: pdfly-cli
Analysis time: 41.0s
Engine: pi
Install status: can be installed
No action required. The skill is a pure documentation wrapper for a known-safe open-source CLI tool. Consider pinning the pip install version in documentation to follow best practice.

Security findings: 1

Severity: Low
Finding: Unpinned pip install for pdfly (category: supply chain)
Location: SKILL.md:8
SKILL.md instructs users to run 'pip install pdfly' without a version pin. This allows a future package version to differ from the tested version.
    pip install pdfly
→ Change to 'pip install pdfly==X.Y.Z' or use uv with a locked version to prevent silent dependency substitution.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | NONE | | No filesystem access is declared, required, or present — SKILL.md describes a CL…
Network access | NONE | NONE | | No network activity is declared or present; external URLs are documentation link…
Command execution | NONE | NONE | | No shell execution in any file; the skill only describes CLI invocations users e…
Environment variables | NONE | NONE | | No environment variable access declared or present
Skill invocation | NONE | NONE | | No skill invocation capabilities declared or present
Clipboard | NONE | NONE | | No clipboard access declared or present
Browser | NONE | NONE | | No browser access declared or present
Database | NONE | NONE | | No database access declared or present
External URLs: 3 findings

Severity | Finding | URL | Location
Medium | External URL | https://pypdf.readthedocs.io/ | SKILL.md:9
Medium | External URL | https://pyfpdf.github.io/fpdf2/ | SKILL.md:9
Medium | External URL | https://endesive.readthedocs.io/ | SKILL.md:9

Directory structure

5 files · 11.0 KB · 455 lines
Markdown 5f · 455L
├─ 📁 references
│ ├─ 📝 cat.md Markdown 108L · 2.4 KB
│ ├─ 📝 page-ranges.md Markdown 78L · 2.0 KB
│ ├─ 📝 rotate.md Markdown 86L · 1.8 KB
│ └─ 📝 sign.md Markdown 100L · 2.1 KB
└─ 📝 SKILL.md Markdown 83L · 2.7 KB

Security highlights

✓ All 5 files are markdown documentation only — no executable code, scripts, or binary artifacts present
✓ No obfuscation techniques detected (no base64, eval, atob, or encoded strings)
✓ No credential harvesting, environment variable scanning, or sensitive file access
✓ No network exfiltration, C2 communication, or data theft behavior
✓ No reverse shell, RCE, or arbitrary command execution
✓ All referenced libraries (pypdf, fpdf2, endesive, pillow, cryptography) are well-known, established open-source projects
✓ Documentation is internally consistent with no doc-to-code mismatch since there is no code
✓ No hidden instructions in HTML comments or other steganographic hiding
✓ No suspicious IOCs (IPs, domains, malware hashes)