扫描报告
0 /100
neta-community
Neta API community skill for browsing interactive feeds, viewing collection details, liking/interacting with content, and browsing content by tags and characters
This is a purely documentation-only skill with no executable code, describing how to interact with the Neta API community platform via the neta-cli CLI tool.
可以安装
This skill is safe to use. No security concerns identified. Consider pinning the npm package version instead of using @latest for supply chain hardening.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:32 - neta-cli commands are documented shell invocations; this is approp… |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md:29 - NETA_TOKEN environment variable required for API authentication |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:32 - All neta-cli commands make API calls to Neta service |
| 文件系统 | NONE | NONE | — | No file write operations in documentation; only temp file caching shown (e.g., /… |
| 技能调用 | NONE | NONE | — | Skill only references other skills (neta-suggest, neta-creative) in documentatio… |
| 剪贴板 | NONE | NONE | — | No clipboard access documented |
| 浏览器 | NONE | NONE | — | No browser automation documented |
| 数据库 | NONE | NONE | — | No direct database access documented |
目录结构
5 文件 · 26.6 KB · 1136 行 Markdown 5f · 1136L
├─
▾
references
│ ├─
character-search.md
Markdown
│ ├─
hashtag-research.md
Markdown
│ ├─
interactive-feed.md
Markdown
│ └─
social-interactive.md
Markdown
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@talesofai/neta-skills | latest | npm | 否 | Using @latest is not recommended for production; pin to a specific version |
安全亮点
✓ No executable code present - purely documentation skill
✓ No credential harvesting beyond single required API token (NETA_TOKEN)
✓ No shell command injection vectors - neta-cli is a well-defined CLI tool
✓ Documentation is clear and comprehensive about intended behavior
✓ No obfuscation, base64, or anti-analysis patterns
✓ No supply chain concerns from this skill itself (npm package is external)
✓ Pre-scan found no sensitive files, IOCs, or suspicious patterns
✓ API token requirement is minimal and appropriate for the use case