扫描报告
10 /100
reviewer-rebuttal-coach
从剪贴板读取审稿意见、导师批注或评审反馈,生成逐条回复、修改计划与优先级建议
A minimal-risk clipboard reading skill that uses a single documented macOS command (pbpaste) to extract text, with no hidden functionality or data exfiltration.
可以安装
This skill is safe to use. The shell:WRITE permission is narrowly scoped to the pbpaste utility as documented. Consider adding clipboard:READ to the declared capabilities for clarity.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Shell execution not strictly scoped to clipboard 权限提升 | scripts/read_clipboard.mjs:4 |
| 低危 | Clipboard access not explicitly declared 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md metadata.requires.bins declares 'pbpaste' command |
| 剪贴板 | NONE | READ | ✓ 一致 | Functionality reads clipboard but not explicitly declared; justified by pbpaste |
| 文件系统 | NONE | NONE | — | No file operations in read_clipboard.mjs |
| 网络访问 | NONE | NONE | — | No network requests in any file |
目录结构
4 文件 · 2.0 KB · 90 行 Markdown 3f · 71L
JavaScript 1f · 19L
├─
▾
scripts
│ └─
read_clipboard.mjs
JavaScript
├─
CHANGELOG.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ No external network requests or data exfiltration
✓ No credential harvesting or environment variable access
✓ No file system writes or sensitive path access
✓ No obfuscation, base64 encoding, or anti-analysis patterns
✓ Functionality is straightforward and matches documentation
✓ Only uses a single, documented macOS utility (pbpaste)
✓ Error handling present for empty clipboard scenarios