扫描报告
20 /100
Passport
Validate and format passport or identity document data
The 'Passport' skill is a simple bash CLI tool that logs user input to local log files in ~/.local/share/passport. No malicious behavior found; the doc-to-code gap is a feature-description mismatch rather than hidden malicious functionality.
可以安装
Approve for use. Be aware the 'validate' commands perform no real validation — they merely log input. If passport data processing is needed, verify the skill performs actual document validation.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Command descriptions are placeholders with no real functionality 文档欺骗 | scripts/script.sh:82 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | WRITE | ✓ 一致 | SKILL.md declares filesystem access; script writes to ~/.local/share/passport/*.… |
| 命令执行 | NONE | WRITE | ✓ 一致 | script.sh:1 shebang uses bash; script writes log files and uses standard utiliti… |
| 网络访问 | NONE | NONE | — | No curl, wget, or outbound network calls found in script.sh |
| 环境变量 | NONE | NONE | — | Only uses $HOME to build data path; no iteration over environment variables for … |
3 项发现
中危 外部 URL 外部 URL
https://bytesagain.com SKILL.md:6 中危 外部 URL 外部 URL
https://bytesagain.com/feedback/ SKILL.md:98 提示 邮箱 邮箱地址
[email protected] SKILL.md:101 目录结构
2 文件 · 14.3 KB · 414 行 Shell 1f · 313L
Markdown 1f · 101L
├─
▾
scripts
│ └─
script.sh
Shell
└─
SKILL.md
Markdown
安全亮点
✓ No network requests — confirmed offline operation matching documentation
✓ No credential harvesting or environment variable scanning
✓ No base64, obfuscation, or anti-analysis techniques
✓ No remote script execution (no curl|bash, wget|sh, pip install, etc.)
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env, /etc/passwd)
✓ No data exfiltration or C2 communication
✓ No persistence mechanisms (no cron, startup scripts, or backdoors)
✓ No supply chain risk — no external dependencies
✓ All operations are local to a defined data directory