中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:1 天前 重新扫描
20 /100
siyuan-notes-skill
思源笔记工具——搜索、阅读、编辑、组织用户的笔记
A legitimate SiYuan Notes management tool with solid security posture. Minor doc-to-code gaps exist (undeclared filesystem writes for caching, undeclared credential environment variable access) but no malicious behavior, exfiltration, or exploitation was found.
技能名称siyuan-notes-skill
分析耗时99.4s
引擎pi
可以安装
Consider documenting the filesystem:WRITE capability (for read-guard cache) and network:READ (GitHub version check) in SKILL.md. The codebase is trustworthy for use.

安全发现 3 项

严重性 安全发现 位置
低危
Filesystem write capability not declared 文档欺骗
SKILL.md declares only 'Bash' as allowed-tools but the code writes to .siyuan-read-guard-cache.json for safety guards. This is legitimate internal behavior but undocumented.
fs.writeFileSync(READ_GUARD_CACHE_FILE, JSON.stringify(readGuardCache, null, 2));
→ Document filesystem:WRITE in SKILL.md for transparency.
 index.js:322
低危
Credential environment variables not declared 文档欺骗
SIYUAN_API_TOKEN and SIYUAN_BASIC_AUTH_PASS are read from process.env but not declared in SKILL.md. Credentials are used only for local SiYuan server authentication and not exfiltrated.
const SIYUAN_API_TOKEN = process.env.SIYUAN_API_TOKEN || '';
→ Consider documenting credential environment variable access in SKILL.md.
 index.js:96
低危
package.json has zero dependencies declared 供应链
The skill has no dependencies listed in package.json, relying solely on Node.js built-ins (fs, path, https, child_process). This is clean but worth noting.
"dependencies": {}
→ No action needed; zero dependencies is a positive supply-chain signal.
 package.json:1
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 SKILL.md:allowed-tools:"Bash"; index.js:10 execSync for hardcoded git commands
网络访问 NONE READ ✓ 一致 index.js:733 fetchJson() calls api.github.com for version-check; index.js:790 fe…
文件系统 NONE WRITE ✓ 一致 index.js:107 READ_GUARD_CACHE_FILE path; index.js:322-341 fs.writeFileSync for .…
环境变量 NONE READ ✓ 一致 index.js:94-101 reads SIYUAN_API_TOKEN, SIYUAN_BASIC_AUTH_PASS; used only for lo…
文件系统 READ READ ✓ 一致 index.js:55-85 loads .env via fs.readFileSync; index.js:645 reads package.json
3 项发现
🔗
中危 外部 URL 外部 URL
https://claude.com/claude-code
README.md:5
🔗
中危 外部 URL 外部 URL
https://b3log.org/siyuan/
README.md:5
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:6806
README.md:38

目录结构

14 文件 · 225.2 KB · 7034 行
JavaScript 5f · 4853L Markdown 8f · 2153L JSON 1f · 28L
├─ 📁 docs
│ ├─ 📝 command-reference.md Markdown 798L · 22.7 KB
│ ├─ 📝 Command-Reference.md Markdown 350L · 11.1 KB
│ ├─ 📝 Error-Recovery.md Markdown 17L · 2.1 KB
│ ├─ 📝 pmf-spec.md Markdown 165L · 5.6 KB
│ ├─ 📝 sql-reference.md Markdown 134L · 4.0 KB
│ └─ 📝 SQL-Reference.md Markdown 196L · 4.3 KB
├─ 📁 lib
│ ├─ 📜 pmf-utils.js JavaScript 316L · 9.0 KB
│ └─ 📜 query-services.js JavaScript 298L · 8.8 KB
├─ 📜 cli.js JavaScript 697L · 25.9 KB
├─ 📜 format-utils.js JavaScript 177L · 4.9 KB
├─ 📜 index.js JavaScript 3365L · 102.5 KB
├─ 📋 package.json JSON 28L · 616 B
├─ 📝 README.md Markdown 98L · 3.1 KB
└─ 📝 SKILL.md Markdown 395L · 20.5 KB

依赖分析 1 项

包名版本来源已知漏洞备注
none N/A none Zero external dependencies; uses only Node.js built-in modules (fs, path, https, child_process)

安全亮点

✓ No obfuscation, base64-decode-execute, or eval patterns found
✓ No credential exfiltration or data theft
✓ No reverse shell, C2, or remote code execution
✓ execSync is limited to hardcoded git commands with no user input reaching the shell
✓ Credentials stay local — API token used only for local SiYuan server authentication
✓ Basic Auth password is Base64-encoded in header only, never transmitted outside local process
✓ No hidden functionality: all code paths traced back to documented operations
✓ GitHub network calls are restricted to version-check command, clearly described in SKILL.md
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env outside skill dir)
✓ Read-guard cache is a legitimate safety mechanism (optimistic locking)
✓ SQL queries use string escaping for SQLite (standard pattern for this tool type)