Trusted (risk score 5/100)
Last scanned: 1 day ago
reply-coach
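Reads chat content from the clipboard and generates high-EQ reply suggestions that respect boundaries and sound natural rather than smarmy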
Benign clipboard-reading skill with minimal attack surface and no malicious behavior detected.
Skill name: reply-coach
Analysis time: 20.5s
Engine: pi
Safe to install
No action required. This skill is safe for use.

Security findings: 1

Severity: Low
Finding: Shell execution not explicitly declared
Category: Documentation deception
SKILL.md runs 'node {baseDir}/scripts/reply_from_clipboard.mjs' but does not explicitly declare shell:WRITE permission. However, this is acceptable for script execution and the command is benign (only runs pbpaste).
Command: node {baseDir}/scripts/reply_from_clipboard.mjs
Recommendation: Consider documenting shell:WRITE permission in SKILL.md for transparency
Location: SKILL.md:14
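
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Clipboard | READ | READ | ✓ Consistent | scripts/reply_from_clipboard.mjs:9 - pbpaste command |
| Command execution | NONE | WRITE | ✓ Consistent | scripts/reply_from_clipboard.mjs:6 - execSync for pbpaste |
| Filesystem | NONE | NONE | | No filesystem access detected |
| Network access | NONE | NONE | | No network requests detected |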

Directory structure

4 files · 2.3 KB · 97 lines
Markdown: 3 files · 77 lines; JavaScript: 1 file · 20 lines
├─ 📁 scripts
│ └─ 📜 reply_from_clipboard.mjs JavaScript 20L · 448 B
├─ 📝 CHANGELOG.md Markdown 8L · 211 B
├─ 📝 README.md Markdown 35L · 684 B
└─ 📝 SKILL.md Markdown 34L · 989 B

Security highlights

✓ No network requests or data exfiltration
✓ No credential harvesting or environment variable access
✓ No obfuscation or base64-encoded commands
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No external dependencies or supply chain risks
✓ Single-purpose tool with clear, documented functionality
✓ No remote script execution (curl|bash, wget|sh)
✓ Clear documentation with explicit 'not do' list