扫描报告
20 /100
kindle2md
Convert Kindle HTML notebook exports to Obsidian Markdown format
A straightforward Kindle-to-Markdown converter with minor documentation gaps but no malicious behavior detected.
可以安装
Consider adding explicit declaration of clipboard and filesystem WRITE capabilities to SKILL.md for full transparency.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Clipboard access undocumented 文档欺骗 | scripts/kindle_notes_to_md.py:183 |
| 低危 | Filesystem WRITE permission implied but not declared 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | WRITE | ✓ 一致 | SKILL.md describes file output but declares only READ for config |
| 网络访问 | NONE | NONE | — | No network operations observed |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md declares python script execution |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | READ | ✓ 一致 | pyperclip.copy() at line 183 |
| 浏览器 | NONE | NONE | — | No browser operations |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 10.4 KB · 327 行 Python 1f · 264L
Markdown 2f · 63L
├─
▾
references
│ └─
config.md
Markdown
├─
▾
scripts
│ └─
kindle_notes_to_md.py
Python
└─
SKILL.md
Markdown
依赖分析 3 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
beautifulsoup4 | * | pip | 否 | Standard HTML parser library |
pyperclip | * | pip | 否 | Cross-platform clipboard access |
eglogging | * | pip | 否 | Logging utility |
安全亮点
✓ No network requests or external communication
✓ No credential harvesting or environment variable access
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No remote code execution or shell command injection
✓ Uses legitimate, well-known Python libraries (BeautifulSoup, pyperclip)
✓ File operations are limited to user-provided input and configured output directory
✓ No persistence mechanisms or backdoors
✓ No supply chain risks - dependencies are standard libraries