扫描报告
0 /100
find-skills
Helps users discover and install agent skills from the open agent skills ecosystem
This skill is a pure documentation-only package with no executable code. It helps users discover and install agent skills by running documented npx commands. All behavior is accurately declared in SKILL.md.
可以安装
No action required. This is a safe, documentation-only skill.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access found |
| 网络访问 | NONE | READ | ✓ 一致 | SKILL.md documents npx CLI tool (allowed) |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:44-45 documents 'npx skills find' and 'npx skills add' commands |
| 环境变量 | NONE | NONE | — | No environment access found |
| 技能调用 | NONE | NONE | — | No skill invocation found |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | No browser access found |
| 数据库 | NONE | NONE | — | No database access found |
2 项发现
中危 外部 URL 外部 URL
https://skills.sh/ SKILL.md:33 中危 外部 URL 外部 URL
https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices SKILL.md:65 目录结构
2 文件 · 4.7 KB · 139 行 Markdown 1f · 134L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No executable code - skill is documentation-only (SKILL.md only)
✓ All shell commands explicitly documented in SKILL.md
✓ No obfuscated code, base64 payloads, or hidden functionality
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or C2 communications
✓ No supply chain risks (no dependencies)
✓ Documentation accurately describes all behavior
✓ External URLs (skills.sh) are documented and expected for skill discovery