中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:20 小时前 重新扫描
5 /100
DataView
Data logging and history tracking utility for CLI operations
DataView is a legitimate local logging tool that records user inputs to timestamped log files. No malicious behavior, credential access, network calls, or obfuscation detected.
技能名称DataView
分析耗时27.0s
引擎pi
可以安装
No action needed. The skill performs exactly as documented - local-only logging to ~/.local/share/dataview/.

安全发现 1 项

严重性 安全发现 位置
低危
Misleading capability description 文档欺骗
SKILL.md describes DataView as a 'data processing toolkit for ingesting, transforming, querying' with 'quick queries, filters, and aggregation', but the actual implementation only logs arbitrary user input strings to files without performing any actual data processing, querying, or filtering operations on CSV/JSON data.
echo "$ts|$input" >> "$DATA_DIR/ingest.log"
→ Update SKILL.md to accurately describe the tool as a logging utility rather than a data processing toolkit. The script stores timestamped records, not processed data.
 scripts/script.sh
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 script.sh:9 mkdir -p and write operations to ~/.local/share/dataview/
命令执行 NONE NONE No subprocess or command execution detected
网络访问 NONE NONE No network requests in code
3 项发现
🔗
中危 外部 URL 外部 URL
https://bytesagain.com
SKILL.md:6
🔗
中危 外部 URL 外部 URL
https://bytesagain.com/feedback
SKILL.md:105
📧
提示 邮箱 邮箱地址
[email protected]
SKILL.md:104

目录结构

2 文件 · 15.0 KB · 418 行
Shell 1f · 313L Markdown 1f · 105L
├─ 📁 scripts
│ └─ 🔧 script.sh Shell 313L · 11.0 KB
└─ 📝 SKILL.md Markdown 105L · 4.0 KB

安全亮点

✓ Uses 'set -euo pipefail' for safe bash execution
✓ No network requests or external API calls
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, atob)
✓ No remote script execution (curl|bash, wget|sh)
✓ All operations are local-only to ~/.local/share/dataview/
✓ No external dependencies beyond standard Unix utilities
✓ Clean, readable code without hidden functionality