Low Risk — Risk Score 20/100
Last scan: 1 day ago
kindle2md
Convert Kindle HTML notebook exports to Obsidian Markdown format
A straightforward Kindle-to-Markdown converter with minor documentation gaps but no malicious behavior detected.
Skill Name: kindle2md
Duration: 29.2s
Engine: pi
Safe to install
Consider adding explicit declaration of clipboard and filesystem WRITE capabilities to SKILL.md for full transparency.

Findings 2 items

Severity Finding Location
Low
Clipboard access undocumented Doc Mismatch
The script uses pyperclip to copy markdown output to clipboard, but this capability is not declared in SKILL.md
if args.clipboard:
    pyperclip.copy(md)
→ Add '-c/--clipboard' feature to SKILL.md capabilities documentation
scripts/kindle_notes_to_md.py:183
Low
Filesystem WRITE permission implied but not declared Doc Mismatch
SKILL.md describes file output functionality but only explicitly declares READ permission for config reading
Use this skill to convert Kindle HTML notebook exports to Obsidian Markdown format
→ Clarify that the skill requires filesystem WRITE permission for output .md files
SKILL.md:1
Resource Declared Inferred Status Evidence
Filesystem READ WRITE ✓ Aligned SKILL.md describes file output but declares only READ for config
Network NONE NONE No network operations observed
Shell WRITE WRITE ✓ Aligned SKILL.md declares python script execution
Environment NONE NONE No environment variable access
Skill Invoke NONE NONE No skill invocation
Clipboard NONE READ ✓ Aligned pyperclip.copy() at line 183
Browser NONE NONE No browser operations
Database NONE NONE No database access

File Tree

3 files · 10.4 KB · 327 lines
Python 1f · 264L Markdown 2f · 63L
├─ 📁 references
│ └─ 📝 config.md Markdown 8L · 325 B
├─ 📁 scripts
│ └─ 🐍 kindle_notes_to_md.py Python 264L · 8.3 KB
└─ 📝 SKILL.md Markdown 55L · 1.8 KB

Dependencies 3 items

Package Version Source Known Vulns Notes
beautifulsoup4 * pip No Standard HTML parser library
pyperclip * pip No Cross-platform clipboard access
eglogging * pip No Logging utility

Security Positives

✓ No network requests or external communication
✓ No credential harvesting or environment variable access
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No remote code execution or shell command injection
✓ Uses legitimate, well-known Python libraries (BeautifulSoup, pyperclip)
✓ File operations are limited to user-provided input and configured output directory
✓ No persistence mechanisms or backdoors
✓ No supply chain risks - dependencies are standard libraries