Scan Report
5 /100
aps-filesystem-agent
APS scheduling agent skill for managing a local filesystem-based knowledge base with Git version control and ChromaDB vector search
APS scheduling agent skill with no executable code; all capabilities (filesystem access, subprocess for Git, ChromaDB vector search) are fully declared and scoped to the knowledge base directory.
Safe to install
Approve for use. All file writes require human confirmation via pending_review/, and all subprocess calls are limited to git operations within the knowledge base.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ+WRITE | READ+WRITE | ✓ Aligned | SKILL.md declares filesystem access to aps_knowledge_base/; all read/write opera… |
| Shell | WRITE | WRITE | ✓ Aligned | subprocess.run(['git', '-C', kb_path, ...]) — only for Git commits, documented a… |
| Database | READ+WRITE | READ+WRITE | ✓ Aligned | chromadb.PersistentClient used for vector index; operations are local-only |
| Network | NONE | NONE | — | No network requests found; ChromaDB is local-only storage |
| Environment | NONE | NONE | — | No os.environ iteration or credential access |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
File Tree
3 files · 28.2 KB · 907 lines (Markdown: 3 files, 907 lines)
├─ references
│  ├─ schemas.md (Markdown)
│  └─ scripts.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| chromadb | not declared | pip | No | Required for vector search; not pinned in any manifest, but only used locally |
Security Positives
✓ All file write operations require human confirmation via pending_review/ before entering the live knowledge base
✓ subprocess.run is only used for Git version control operations scoped to the knowledge base directory
✓ No network calls or data exfiltration — ChromaDB is a local vector store
✓ No credential harvesting or sensitive file access outside the designated aps_knowledge_base/ path
✓ All code patterns (filesystem reads, ChromaDB queries, JSON manipulation) are explicitly documented in SKILL.md
✓ Write operations target a specific subdirectory with no traversal beyond the knowledge base root
✓ Audit trail maintained via Git commits and decision logs for all knowledge changes