中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:21 小时前 重新扫描
5 /100
aps-filesystem-agent
APS scheduling agent skill for managing a local filesystem-based knowledge base with Git version control and ChromaDB vector search
APS scheduling agent skill with no executable code; all capabilities (filesystem access, subprocess for Git, ChromaDB vector search) are fully declared and scoped to the knowledge base directory.
技能名称aps-filesystem-agent
分析耗时24.5s
引擎pi
可以安装
Approve for use. All file writes require human confirmation via pending_review/, and all subprocess calls are limited to git operations within the knowledge base.
资源类型声明权限推断权限状态证据
文件系统 READ+WRITE READ+WRITE ✓ 一致 SKILL.md declares filesystem access to aps_knowledge_base/; all read/write opera…
命令执行 WRITE WRITE ✓ 一致 subprocess.run(['git', '-C', kb_path, ...]) — only for Git commits, documented a…
数据库 READ+WRITE READ+WRITE ✓ 一致 chromadb.PersistentClient used for vector index; operations are local-only
网络访问 NONE NONE No network requests found; ChromaDB is local-only storage
环境变量 NONE NONE No os.environ iteration or credential access
技能调用 NONE NONE No inter-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation

目录结构

3 文件 · 28.2 KB · 907 行
Markdown 3f · 907L
├─ 📁 references
│ ├─ 📝 schemas.md Markdown 232L · 6.0 KB
│ └─ 📝 scripts.md Markdown 199L · 6.3 KB
└─ 📝 SKILL.md Markdown 476L · 15.9 KB

依赖分析 1 项

包名版本来源已知漏洞备注
chromadb not declared pip Required for vector search; not pinned in any manifest, but only used locally

安全亮点

✓ All file write operations require human confirmation via pending_review/ before entering the live knowledge base
✓ subprocess.run is only used for Git version control operations scoped to the knowledge base directory
✓ No network calls or data exfiltration — ChromaDB is a local vector store
✓ No credential harvesting or sensitive file access outside the designated aps_knowledge_base/ path
✓ All code patterns (filesystem reads, ChromaDB queries, JSON manipulation) are explicitly documented in SKILL.md
✓ Write operations target a specific subdirectory with no traversal beyond the knowledge base root
✓ Audit trail maintained via Git commits and decision logs for all knowledge changes