扫描报告
5 /100
tidepool
Build and deploy web apps from command line for autonomous AI agents
Tidepool is a legitimate web app deployment framework with clearly declared capabilities and no indicators of malicious behavior.
可以安装
This skill is safe to use. The declared capabilities (filesystem, network, shell, database) are appropriate for a web deployment tool and are fully documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | Local dev storage in tp_data/, static file serving from static/ |
| 网络访问 | READ | READ | ✓ 一致 | curl https://tidepool.sh/api, tp.http.get/post |
| 命令执行 | WRITE | WRITE | ✓ 一致 | pip install tidepool, tidepool CLI commands (deploy, push, pull) |
| 数据库 | WRITE | WRITE | ✓ 一致 | tp.db for key-value storage operations |
| 环境变量 | NONE | NONE | — | No direct environment variable access detected |
| 技能调用 | NONE | NONE | — | No cross-skill invocation detected |
| 剪贴板 | NONE | NONE | — | No clipboard access detected |
| 浏览器 | NONE | NONE | — | No browser automation detected |
5 项发现
中危 外部 URL 外部 URL
https://tidepool.sh SKILL.md:7 中危 外部 URL 外部 URL
https://tidepool.sh/api SKILL.md:31 中危 外部 URL 外部 URL
https://my-app.tidepool.sh SKILL.md:49 提示 邮箱 邮箱地址
[email protected] SKILL.md:99 提示 邮箱 邮箱地址
[email protected] SKILL.md:102 目录结构
1 文件 · 5.0 KB · 118 行 Markdown 1f · 118L
└─
SKILL.md
Markdown
安全亮点
✓ All capabilities are clearly declared in documentation
✓ No base64 encoding, obfuscation, or anti-analysis techniques detected
✓ No credential harvesting from environment variables
✓ No remote code execution via curl|bash patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Secrets management uses a declared local file (tp_data/secrets.json)
✓ Standard web framework patterns used throughout