Scan Report
5/100
polish
Pre-release code review - runs lint/type checks, then launches 3 parallel review agents to analyze the diff, synthesizes a unified report, and fixes with approval.
A legitimate pre-release code review skill that runs lint/type checks and parallel review agents against git diffs. No malicious behavior detected; all observed functionality aligns with documented purpose.
Safe to install
No action needed. The skill is safe to use as a code review assistant.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | SKILL.md: Reads every changed file fully before reviewing (Rule 1, Phase 2) |
| Command execution | NONE | READ | ✓ Consistent | SKILL.md: Runs git diff, git diff --cached, git rev-parse, and project lint/type… |
| Skill invocation | NONE | WRITE | ✓ Consistent | SKILL.md Phase 3: Launches 3 parallel Agent tool calls for review sub-tasks |
| Network access | NONE | READ | ✓ Consistent | SKILL.md: Runs project validation commands which may make HTTP calls (e.g., fetc… |
1 finding
Medium severity: External URL
https://www.apache.org/licenses/ (LICENSE.txt:3)
Directory structure
8 files · 33.9 KB · 853 lines
Shell: 5 files · 487 lines
Text: 1 file · 162 lines
Markdown: 1 file · 132 lines
JSON: 1 file · 72 lines
├─ evals
│  ├─ fixtures
│  │  ├─ clean
│  │  │  └─ setup.sh (Shell)
│  │  ├─ cleanliness
│  │  │  └─ setup.sh (Shell)
│  │  ├─ design-reuse
│  │  │  └─ setup.sh (Shell)
│  │  ├─ efficiency
│  │  │  └─ setup.sh (Shell)
│  │  └─ mixed
│  │     └─ setup.sh (Shell)
│  └─ evals.json (JSON)
├─ LICENSE.txt (Text)
└─ SKILL.md (Markdown)
Security highlights
✓ All Phase 3 findings are validated against actual code before reporting (Phase 4)
✓ Skill requires explicit user approval before making any fixes (Phase 5)
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration detected
✓ No obfuscation, reverse shell, or C2 patterns
✓ No base64/eval execution or suspicious URL/IP contact
✓ evals/ fixtures are isolated test repositories created in temp directories
✓ Skill is a pure code review tool with well-scoped, legitimate behavior