Trusted — Risk Score 5/100
Last scan: 1 day ago
ghostshield
Anti-colleague distillation shield - protects code style from AI extraction
GhostShield is a legitimate code obfuscation tool that analyzes and protects coding style from AI distillation. No malicious behavior, credential theft, or data exfiltration detected. All functionality is properly documented.
Skill Name: ghostshield
Duration: 40.0s
Engine: pi
Safe to install
This skill is safe to use. Consider pinning dependency versions for better supply chain security.

Findings (1 item)

Severity: Low
Finding: Dependencies not version-pinned
Location: Supply Chain (requirements.txt:1)
requirements.txt uses loose versioning (>=) for packages such as presidio-analyzer, spacy, jieba, and gitpython. This is not malicious, but it departs from best practice:
presidio-analyzer>=2.2.0
presidio-anonymizer>=2.2.0
spacy>=3.5.0
→ Pin exact versions (==) to ensure reproducible builds and reduce supply chain risk. Pinning alone only fixes which version is requested; adding --hash entries and installing with pip install --require-hashes also rejects an artifact whose contents differ from the expected digest.
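The check behind this finding, as an added example (not ghostshield's own code): a small requirements.txt auditor that parses each entry roughly the way pip does (comments, backslash continuations, environment markers, per-requirement --hash options) and reports which entries are not exact pins and which lack hashes. The two embedded samples are constructed: the first mirrors the loose specifiers reported above, the second shows the hardened form with placeholder sha256 values that are not real digests.

```python
"""Audit a requirements.txt for loosely versioned dependencies.

Added example, not code from the ghostshield project. Reports which entries
are not exact pins and which lack hashes, i.e. which entries would block
`pip install --require-hashes -r requirements.txt`.
"""
import re
from dataclasses import dataclass

# Constructed sample mirroring the loose specifiers the scan reported.
SAMPLE_REQUIREMENTS = """\
# ghostshield dependencies (constructed sample)
presidio-analyzer>=2.2.0
presidio-anonymizer>=2.2.0
spacy>=3.5.0
jieba>=0.42.1
gitpython>=3.1.0
"""

# Constructed sample of the hardened form. The sha256 values are placeholders
# (assumption: not real digests); real ones come from `pip hash` or pip-compile.
SAMPLE_PINNED = """\
presidio-analyzer==2.2.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
spacy==3.5.0 --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
jieba==0.42.1
"""


@dataclass
class Requirement:
    name: str        # normalised (lower-case) project name
    specifier: str   # e.g. ">=2.2.0", "==2.2.0", or "@<url>" for direct references
    pinned: bool     # True only for an exact ==/=== pin without a trailing .* wildcard
    hashed: bool     # True when a --hash= option accompanies the requirement
    line_no: int     # first physical line of the (possibly continued) entry


_NAME_RE = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)(\[[^\]]*\])?\s*(.*)$")


def _logical_lines(text):
    """Yield (line_no, line) with backslash continuations joined and comments removed."""
    buf, start = [], 0
    for idx, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            start = idx
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        joined = " ".join(buf).strip()
        buf = []
        # pip treats a leading '#' or ' #' as the start of a comment
        joined = re.split(r"(^|\s)#", joined, maxsplit=1)[0].strip()
        if joined:
            yield start, joined


def _is_exact_pin(specifier):
    """An entry is reproducible only if some clause is == or === (and not ==x.*)."""
    for clause in (c.strip() for c in specifier.split(",")):
        if clause.startswith("===") or (clause.startswith("==") and not clause.endswith(".*")):
            return True
    return False


def parse_requirements(text):
    """Parse requirements.txt content into Requirement records (global options such as -r are skipped)."""
    reqs = []
    for line_no, line in _logical_lines(text):
        if line.startswith("-"):  # -r, -e, --index-url and similar global options
            continue
        tokens = line.split()
        opt_idx = next((i for i, t in enumerate(tokens) if t.startswith("--")), len(tokens))
        hashed = any(t.startswith("--hash=") for t in tokens[opt_idx:])
        req_part = " ".join(tokens[:opt_idx]).split(";", 1)[0].strip()  # drop env marker
        if "@" in req_part:  # direct URL reference: never an index pin
            name, url = (p.strip() for p in req_part.split("@", 1))
            reqs.append(Requirement(name.lower(), "@" + url, False, hashed, line_no))
            continue
        match = _NAME_RE.match(req_part)
        if not match:
            continue
        name, _extras, spec = match.groups()
        spec = spec.replace(" ", "")
        reqs.append(Requirement(name.lower(), spec, _is_exact_pin(spec), hashed, line_no))
    return reqs


def audit(text):
    """Return (unpinned, unhashed): names that are not exact pins, and names with no --hash."""
    reqs = parse_requirements(text)
    return [r.name for r in reqs if not r.pinned], [r.name for r in reqs if not r.hashed]


if __name__ == "__main__":
    for label, sample in (("loose", SAMPLE_REQUIREMENTS), ("pinned", SAMPLE_PINNED)):
        unpinned, unhashed = audit(sample)
        print(f"{label}: unpinned={unpinned} unhashed={unhashed}")
```

Run against the loose sample, every entry lands in both lists; against the pinned sample, only jieba remains, because it is pinned but carries no hash, which is exactly the entry pip would refuse under --require-hashes. Real digests can be produced with pip hash on downloaded artifacts or generated in bulk with pip-compile --generate-hashes from pip-tools.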
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | Operates on user-specified input paths only
Shell | NONE | READ | ✓ Aligned | Uses subprocess for git log analysis, documented and necessary for core function…
Network | NONE | NONE |  | No network requests made
Environment | NONE | NONE |  | Does not access environment variables
Note that Shell is inferred as READ although it is declared NONE; the scanner still rates it Aligned because the only subprocess use is the documented git log analysis.
7 findings

These URLs and addresses appear in the documentation files (README.md, SKILL.md), not in the Python code; consistent with the Network row above, the skill itself makes no network requests.

Medium | External URL | https://img.shields.io/badge/License-GPLv3-blue.svg | README.md:5
Medium | External URL | https://www.gnu.org/licenses/gpl-3.0 | README.md:5
Medium | External URL | https://img.shields.io/badge/python-3.8+-blue.svg | README.md:6
Medium | External URL | https://www.python.org/downloads/ | README.md:6
Medium | External URL | https://git.company.com/... | SKILL.md:55
Info | Email | [email protected] | README.md:122
Info | Email | [email protected] | SKILL.md:52

File Tree

10 files · 110.1 KB · 3455 lines
Python: 7 files, 2795 lines · Markdown: 2 files, 641 lines · Text: 1 file, 19 lines
├─ 📁 ghostshield
│ ├─ 🐍 __init__.py Python 21L · 469 B
│ ├─ 🐍 cli.py Python 194L · 6.1 KB
│ ├─ 🐍 core.py Python 266L · 8.2 KB
│ ├─ 🐍 obfuscator.py Python 583L · 19.6 KB
│ ├─ 🐍 pii_detector.py Python 442L · 14.2 KB
│ ├─ 🐍 style_analyzer.py Python 734L · 24.6 KB
│ └─ 🐍 validator.py Python 555L · 18.6 KB
├─ 📝 README.md Markdown 280L · 7.6 KB
├─ 📄 requirements.txt Text 19L · 262 B
└─ 📝 SKILL.md Markdown 361L · 10.5 KB

Dependencies (5 items)

Package | Version | Source | Known Vulns | Notes
presidio-analyzer | >=2.2.0 | pip | No | Version not pinned
presidio-anonymizer | >=2.2.0 | pip | No | Version not pinned
spacy | >=3.5.0 | pip | No | Version not pinned
jieba | >=0.42.1 | pip | No | Version not pinned
gitpython | >=3.1.0 | pip | No | Version not pinned
Because every version is a lower bound rather than an exact pin, "Known Vulns: No" can only describe the versions resolved at scan time; a later install may pull a newer release that this scan never examined.

Security Positives

✓ No credential harvesting or exfiltration
✓ No network requests to external IPs
✓ No base64/obfuscated code execution
✓ Documentation accurately describes all functionality
✓ All subprocess usage is legitimate git analysis (documented)
✓ No access to sensitive system paths (~/.ssh, ~/.aws, .env)
✓ No reverse shell or C2 communication
✓ Open source GPL-3.0 license with transparent codebase