Scan Report
5 /100
tidepool
Build and deploy web apps from command line for autonomous AI agents
Tidepool is a legitimate web app deployment framework with clearly declared capabilities and no indicators of malicious behavior.
Safe to install
This skill is safe to use. The declared capabilities (filesystem, network, shell, database) are appropriate for a web deployment tool and are fully documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | Local dev storage in tp_data/, static file serving from static/ |
| Network | READ | READ | ✓ Aligned | curl https://tidepool.sh/api, tp.http.get/post |
| Shell | WRITE | WRITE | ✓ Aligned | pip install tidepool, tidepool CLI commands (deploy, push, pull) |
| Database | WRITE | WRITE | ✓ Aligned | tp.db for key-value storage operations |
| Environment | NONE | NONE | — | No direct environment variable access detected |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser automation detected |
5 findings
Medium External URL 外部 URL
https://tidepool.sh SKILL.md:7 Medium External URL 外部 URL
https://tidepool.sh/api SKILL.md:31 Medium External URL 外部 URL
https://my-app.tidepool.sh SKILL.md:49 Info Email 邮箱地址
[email protected] SKILL.md:99 Info Email 邮箱地址
[email protected] SKILL.md:102 File Tree
1 files · 5.0 KB · 118 lines Markdown 1f · 118L
└─
SKILL.md
Markdown
Security Positives
✓ All capabilities are clearly declared in documentation
✓ No base64 encoding, obfuscation, or anti-analysis techniques detected
✓ No credential harvesting from environment variables
✓ No remote code execution via curl|bash patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Secrets management uses a declared local file (tp_data/secrets.json)
✓ Standard web framework patterns used throughout