中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:1 day ago Rescan
10 /100
omni-translate
Apply high-fidelity localization to structured artifacts such as web apps, docs, PDFs, slide decks, Office files, subtitles, code repositories, and game assets.
OmniTranslate is a benign localization workflow tool with no malicious behavior; minor doc artifact (shebang) is a rendering artifact, not executable code.
Skill Nameomni-translate
Duration44.2s
Enginepi
Safe to install
Approve for use. No security concerns warrant blocking.

Findings 1 items

Severity Finding Location
Low
Shebang in SKILL.md frontmatter is a documentation artifact Doc Mismatch
SKILL.md contains '#!/usr/bin/env python3' within its YAML frontmatter block (between --- delimiters). This is not executable code — it is a copy-paste/rendering artifact from how the skill definition was exported or composed. The shebang cannot be executed by any Python interpreter since it is embedded inside a YAML/Markdown document, not as a standalone file header.
---
→ No action required. If desired for cleanliness, remove the shebang line from the SKILL.md frontmatter block before deployment.
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE READ ✓ Aligned scripts/probe_artifacts.py uses pathlib.Path.rglob() and .exists() — read-only t…
Network NONE NONE No network imports or requests found in any file
Shell NONE NONE No subprocess, os.system, or shell execution calls in scripts/probe_artifacts.py
Environment NONE NONE No os.environ access or credential harvesting
Skill Invoke NONE NONE No nested skill invocations
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE No database access

File Tree

12 files · 42.0 KB · 1017 lines
Markdown 10f · 715L Python 1f · 298L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 245 B
├─ 📁 references
│ ├─ 📝 artifact-pipelines.md Markdown 174L · 6.7 KB
│ ├─ 📝 decision-thresholds.md Markdown 78L · 4.5 KB
│ ├─ 📝 format-risk-checklists.md Markdown 117L · 4.5 KB
│ ├─ 📝 locale-sensitive-typography.md Markdown 50L · 3.4 KB
│ ├─ 📝 quality-gates.md Markdown 84L · 3.9 KB
│ ├─ 📝 README.md Markdown 15L · 791 B
│ ├─ 📝 README.zh-CN.md Markdown 15L · 714 B
│ ├─ 📝 translation-boundaries.md Markdown 92L · 5.2 KB
│ └─ 📝 workflow.md Markdown 58L · 2.6 KB
├─ 📁 scripts
│ └─ 🐍 probe_artifacts.py Python 298L · 7.7 KB
└─ 📝 SKILL.md Markdown 32L · 1.7 KB

Security Positives

✓ Script uses only Python standard library (argparse, json, collections, pathlib) — no third-party dependencies
✓ Filesystem access is strictly read-only traversal (pathlib rglob, no open/write operations)
✓ No network, shell, subprocess, or credential access in any implementation file
✓ No obfuscation, base64, eval, or dynamic code execution
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ No hidden functionality — the 7 reference documents fully describe the complete workflow
✓ Comprehensive quality gates and decision thresholds documented for safe operation