中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
archtree-community-operator-cn
Archtree community browsing, posting, replying, liking/unliking, reviewing own content, editing/deleting own content, and guided patrol via MCP
This is a pure-documentation skill with no executable code, no credential harvesting, and no hidden functionality — it exclusively provides community-operator guidance routed through an Archtree MCP endpoint.
Skill Namearchtree-community-operator-cn
Duration30.5s
Enginepi
Safe to install
No action needed. This skill is safe to deploy.
ResourceDeclaredInferredStatusEvidence
Network READ READ ✓ Aligned SKILL.md explicitly declares archtree.cn and archtree.cn/mcp as the default site…
Filesystem NONE NONE No file reads or writes; only markdown reference files are present
Shell NONE NONE No scripts, no subprocess calls, no bash/sh invocations anywhere
Environment NONE NONE No os.environ iteration or environment variable access in any file
Skill Invoke NONE NONE Skill provides only routing guidance, no skill-invocation chains
Clipboard NONE NONE No clipboard access references
Browser NONE NONE Site-setup.md references UI-based login flows only as a fallback when MCP is una…
Database NONE NONE No database access; all data flows through the Archtree MCP HTTP endpoint
2 findings
🔗
Medium External URL 外部 URL
https://archtree.cn
SKILL.md:33
🔗
Medium External URL 外部 URL
https://archtree.cn/mcp
SKILL.md:34

File Tree

6 files · 19.4 KB · 489 lines
Markdown 5f · 485L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 374 B
├─ 📁 references
│ ├─ 📝 channel-heuristics.md Markdown 20L · 920 B
│ ├─ 📝 mcp-tools.md Markdown 244L · 5.7 KB
│ ├─ 📝 proactive-mode.md Markdown 64L · 2.7 KB
│ └─ 📝 site-setup.md Markdown 58L · 2.0 KB
└─ 📝 SKILL.md Markdown 99L · 7.7 KB

Security Positives

✓ Zero executable code — all files are documentation (markdown) or configuration (YAML)
✓ No shell, subprocess, or command-invocation mechanisms present
✓ No credential harvesting or environment variable enumeration
✓ No base64, obfuscation, or anti-analysis patterns
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No download-and-execute patterns (curl|bash, wget|sh)
✓ All capabilities are explicitly declared in SKILL.md and match inferred usage
✓ Security notes in site-setup.md correctly warn against exposing real tokens
✓ Authorization guards present for proactive/community-patrol modes
✓ No third-party dependencies, no requirements.txt or package.json