中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:18 hr ago Rescan
5 /100
DataView
Data logging and history tracking utility for CLI operations
DataView is a legitimate local logging tool that records user inputs to timestamped log files. No malicious behavior, credential access, network calls, or obfuscation detected.
Skill NameDataView
Duration27.0s
Enginepi
Safe to install
No action needed. The skill performs exactly as documented - local-only logging to ~/.local/share/dataview/.

Findings 1 items

Severity Finding Location
Low
Misleading capability description Doc Mismatch
SKILL.md describes DataView as a 'data processing toolkit for ingesting, transforming, querying' with 'quick queries, filters, and aggregation', but the actual implementation only logs arbitrary user input strings to files without performing any actual data processing, querying, or filtering operations on CSV/JSON data.
echo "$ts|$input" >> "$DATA_DIR/ingest.log"
→ Update SKILL.md to accurately describe the tool as a logging utility rather than a data processing toolkit. The script stores timestamped records, not processed data.
 scripts/script.sh
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned script.sh:9 mkdir -p and write operations to ~/.local/share/dataview/
Shell NONE NONE No subprocess or command execution detected
Network NONE NONE No network requests in code
3 findings
🔗
Medium External URL 外部 URL
https://bytesagain.com
SKILL.md:6
🔗
Medium External URL 外部 URL
https://bytesagain.com/feedback
SKILL.md:105
📧
Info Email 邮箱地址
[email protected]
SKILL.md:104

File Tree

2 files · 15.0 KB · 418 lines
Shell 1f · 313L Markdown 1f · 105L
├─ 📁 scripts
│ └─ 🔧 script.sh Shell 313L · 11.0 KB
└─ 📝 SKILL.md Markdown 105L · 4.0 KB

Security Positives

✓ Uses 'set -euo pipefail' for safe bash execution
✓ No network requests or external API calls
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, atob)
✓ No remote script execution (curl|bash, wget|sh)
✓ All operations are local-only to ~/.local/share/dataview/
✓ No external dependencies beyond standard Unix utilities
✓ Clean, readable code without hidden functionality