Scan Report
5/100
auto-dev
Automotive data for AI agents via MCP tools, CLI commands, SDK methods, or direct API calls
Pure documentation skill for Auto.dev automotive API with no executable code, scripts, or malicious behavior detected. The flagged 'API_KEY' is a clearly marked placeholder example in documentation, not a real credential.
Safe to install
No action required. This skill is safe to use as it contains only markdown documentation files.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Info | Placeholder API Key in Documentation (Doc Mismatch) | README.md:88 |
| Info | External URL References (Sensitive Access) | README.md, SKILL.md |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in documentation |
| Network | NONE | READ | ✓ Aligned | References api.auto.dev URLs for API documentation purposes |
| Shell | NONE | NONE | — | No shell commands or subprocess documented |
| Environment | READ | READ | ✓ Aligned | SKILL.md:8 - reads AUTODEV_API_KEY for optional API authentication |
| Skill Invoke | NONE | NONE | — | No skill chaining or invocation patterns |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | No browser automation documented |
| Database | NONE | NONE | — | No database access documented |
1 High · 36 findings

| Severity | Type | Value | Location |
|---|---|---|---|
| High | API Key (suspected hardcoded credential) | API_KEY="sk_ad_your_key_here" | README.md:88 |
| Medium | External URL | https://www.contributor-covenant.org | CODE_OF_CONDUCT.md:41 |
| Medium | External URL | https://docs.auto.dev/ | CONTRIBUTING.md:66 |
| Medium | External URL | https://img.shields.io/github/license/drivly/auto-dev-skill | README.md:8 |
| Medium | External URL | https://img.shields.io/github/stars/drivly/auto-dev-skill | README.md:9 |
| Medium | External URL | https://img.shields.io/github/issues/drivly/auto-dev-skill | README.md:10 |
| Medium | External URL | https://skills.sh/drivly/auto-dev-skill/auto-dev | README.md:11 |
| Medium | External URL | https://img.shields.io/badge/skills.sh-auto--dev-blue | README.md:11 |
| Medium | External URL | https://docs.auto.dev/v2/cli-mcp-sdk | README.md:12 |
| Medium | External URL | https://img.shields.io/badge/docs-auto.dev-black | README.md:12 |
| Medium | External URL | https://clawhub.ai/bryant22/auto-dev | README.md:13 |
| Medium | External URL | https://img.shields.io/badge/clawhub-auto--dev-orange | README.md:13 |
| Medium | External URL | https://auto.dev | README.md:17 |
| Medium | External URL | https://auto.dev/dashboard | README.md:85 |
| Medium | External URL | https://www.auto.dev/pricing | README.md:145 |
| Medium | External URL | https://auto.dev/pricing | SKILL.md:45 |
| Medium | External URL | https://api.auto.dev | SKILL.md:100 |
| Medium | External URL | https://auto.dev/api | SKILL.md:101 |
| Medium | External URL | https://api.auto.dev/listings?vehicle.make=Mazda&vehicle.model=CX-90&retailListing.price=1-60000&retailListing.state=FL | examples.md:9 |
| Medium | External URL | https://www.carfax.com/VehicleHistory/p/Report.cfx?vin=JM3KKAHD5T1379650&partner=FRD_2 | examples.md:41 |
| Medium | External URL | https://retail.photos.vin/JM3KKAHD5T1379650-1.jpg | examples.md:47 |
| Medium | External URL | https://www.lithia.com/catcher.esl?vin=JM3KKAHD5T1379650 | examples.md:49 |
| Medium | External URL | https://api.auto.dev/vin/JM3KKAHD5T1379650 | examples.md:77 |
| Medium | External URL | https://api.auto.dev/payments/JM3KKAHD5T1379650?price=39520&zip=33132&downPayment=5000&loanTerm=60 | examples.md:126 |
| Medium | External URL | https://api.auto.dev/recalls/1FMUK7DHXSGA27345 | examples.md:194 |
| Medium | External URL | https://api.auto.dev/tco/1C4SJVBP5RS114977?zip=33132 | examples.md:236 |
| Medium | External URL | https://api.auto.dev/listings | integration-recipes.md:228 |
| Medium | External URL | https://checkout.auto.dev/c/pay/cs_live_b1ADJsHS7aKwyfy3VtKCrsOwqFS5KypHun0IJNWTEdvUOaqRkIMO4cKVtg#fid1d2BpamRhQ2prcSc%2... | pricing.md:56 |
| Medium | External URL | https://checkout.auto.dev/c/pay/cs_live_b1TL0JYID0rFU4npa6aHx3ehYjbZ6UYSPRXN4PN2uBf2IaFKmt9QOG62nR#fid1d2BpamRhQ2prcSc%2... | pricing.md:57 |
| Medium | External URL | https://checkout.auto.dev/c/pay/cs_live_b15OTFmnq3Z1Ub3WsROc5yHd3gC3EcFNrCn5xqpbgKEsH1Vzf7zxq2Qm5e#fid1d2BpamRhQ2prcSc%2... | pricing.md:58 |
| Medium | External URL | https://api.auto.dev/listings/ | v2-listings-api.md:85 |
| Medium | External URL | https://api.auto.dev/plate/ | v2-plate-api.md:3 |
| Medium | External URL | https://api.auto.dev/ | v2-vin-apis.md:3 |
| Medium | External URL | https://api.auto.dev/photos/retail/ | v2-vin-apis.md:45 |
| Info | Email address | [email protected] | CODE_OF_CONDUCT.md:37 |
| Info | Email address | [email protected] | integration-recipes.md:155 |

File Tree
20 files · 110.8 KB · 3651 lines
Markdown 19f · 3650L · YAML 1f · 1L
├─ .github
│  ├─ ISSUE_TEMPLATE
│  │  ├─ bug_report.md (Markdown)
│  │  └─ feature_request.md (Markdown)
│  └─ FUNDING.yml (YAML)
├─ app-scaffolding.md (Markdown)
├─ business-workflows.md (Markdown)
├─ chaining-patterns.md (Markdown)
├─ CODE_OF_CONDUCT.md (Markdown)
├─ code-patterns.md (Markdown)
├─ CONTRIBUTING.md (Markdown)
├─ error-recovery.md (Markdown)
├─ examples.md (Markdown)
├─ integration-recipes.md (Markdown)
├─ interactive-explorer.md (Markdown)
├─ pricing.md (Markdown)
├─ README.md (Markdown)
├─ SKILL.md (Markdown)
├─ v1-apis.md (Markdown)
├─ v2-listings-api.md (Markdown)
├─ v2-plate-api.md (Markdown)
└─ v2-vin-apis.md (Markdown)
Security Positives
✓ No executable code or scripts present - pure documentation skill
✓ No obfuscation, base64, or suspicious encoding patterns
✓ Clear documentation of all API endpoints and capabilities
✓ Metadata properly declares AUTODEV_API_KEY as optional and secret
✓ No credential harvesting beyond what's necessary for API authentication
✓ No data exfiltration or C2 communication patterns
✓ No supply chain risks (no package dependencies in skill)
✓ MIT licensed open-source project from established repository