Scan Report
5/100
consistency-checker
Consistency Checker - detects consistency problems in novel chapters
A legitimate novel consistency checker that reads character YAML files and chapter text files, detects inconsistencies, and writes reports. No malicious behavior detected.
Safe to install
No action required. The skill is safe to use as documented.
Findings 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Dependencies lack version pinning (Supply Chain) | scripts/requirements.txt:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/check_consistency.py:98-110 (reads characters/*.yml and chapters/*.txt) |
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/check_consistency.py:178-185 (writes report to output_path) |
| Network | NONE | NONE | — | No network requests in implementation |
| Shell | NONE | NONE | — | No subprocess or shell execution found |
File Tree
3 files · 16.8 KB · 504 lines
Python 1f · 334L
Markdown 1f · 168L
Text 1f · 2L
├─ scripts
│ ├─ check_consistency.py (Python)
│ └─ requirements.txt (Text)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| rich | unpinned | pip | No | Popular terminal rendering library, version not pinned |
| PyYAML | unpinned | pip | No | Standard YAML parser, uses safe_load() in code |
Security Positives
✓ Uses yaml.safe_load() instead of unsafe yaml.load() - prevents arbitrary code execution
✓ No subprocess or shell execution - purely Python file processing
✓ No network requests or data exfiltration
✓ No credential harvesting or sensitive file access
✓ No obfuscation techniques (base64, eval, etc.)
✓ File operations scoped to user-provided book directory
✓ Uses standard, well-audited libraries (rich, PyYAML)
✓ Documentation accurately describes all implemented functionality
✓ No hidden functionality or shadow features