Scan Report
25/100
daily-backup
Daily Git backup. Commits all changes in the workspace and records a change summary. Trigger: cron scheduled job or manual invocation.
Documentation-only skill with declared-permission mismatch but no actual executable code or scripts present to evaluate for malicious behavior.
Safe to install
Add missing permission declarations in SKILL.md YAML frontmatter for filesystem:READ (spec reading), filesystem:WRITE (report generation), shell:WRITE (script execution), and network:WRITE (Feishu API). Create actual scripts/auto-backup.sh with documented, pinned git operations.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Undeclared permission requirements (Doc Mismatch) | SKILL.md:1 |
| Low | Referenced script does not exist (Doc Mismatch) | references/spec.md:6 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✗ Violation | SKILL.md:8 - reads references/spec.md |
| Filesystem | NONE | WRITE | ✗ Violation | SKILL.md:17 - writes data/exec-logs/daily-backup/ reports |
| Shell | NONE | WRITE | ✗ Violation | references/spec.md:6 - runs scripts/auto-backup.sh |
| Network | NONE | WRITE | ✗ Violation | SKILL.md:14 - sends reports to Feishu |
File Tree
2 files · 1.7 KB · 78 lines (Markdown: 2 files, 78 lines)
├─ references
│  └─ spec.md (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ No malicious code present - only documentation files exist
✓ No sensitive file access patterns detected
✓ No network exfiltration indicators
✓ No obfuscation or base64-encoded payloads
✓ No credential harvesting mechanisms
✓ No suspicious dependencies or supply chain risks