Trusted - risk score 5/100
Last scan: 1 day ago
consistency-checker
Consistency checker - detects consistency problems across novel chapters
A legitimate novel consistency checker that reads character YAML files and chapter text files, detects inconsistencies, and writes reports. No malicious behavior detected.
Skill name: consistency-checker
Analysis time: 30.5s
Engine: pi
Verdict: safe to install
No action required. The skill is safe to use as documented.

Security findings (1)

Severity: Low
Finding: Dependencies lack version pinning (supply chain)
Location: scripts/requirements.txt:1
Details: requirements.txt specifies 'rich' and 'PyYAML' without version constraints. This could theoretically allow a malicious version to be installed.
Affected packages: rich, PyYAML
Recommendation: Pin versions: rich==13.7.0, PyYAML==6.0.1
Resource type      | Declared permission | Inferred permission | Status       | Evidence
File system        | READ                | READ                | ✓ consistent | scripts/check_consistency.py:98-110 (reads characters/*.yml and chapters/*.txt)
File system        | WRITE               | WRITE               | ✓ consistent | scripts/check_consistency.py:178-185 (writes report to output_path)
Network access     | NONE                | NONE                |              | No network requests in implementation
Command execution  | NONE                | NONE                |              | No subprocess or shell execution found

Directory structure

3 files · 16.8 KB · 504 lines
Python 1f · 334L Markdown 1f · 168L Text 1f · 2L
├─ 📁 scripts
│ ├─ 🐍 check_consistency.py Python 334L · 12.8 KB
│ └─ 📄 requirements.txt Text 2L · 12 B
└─ 📝 SKILL.md Markdown 168L · 4.0 KB

Dependency analysis (2)

Package | Version  | Source | Known vulnerabilities | Notes
rich    | unpinned | pip    |                       | Popular terminal rendering library, version not pinned
PyYAML  | unpinned | pip    |                       | Standard YAML parser, uses safe_load() in code

Security highlights

✓ Uses yaml.safe_load() instead of unsafe yaml.load() - prevents arbitrary code execution
✓ No subprocess or shell execution - purely Python file processing
✓ No network requests or data exfiltration
✓ No credential harvesting or sensitive file access
✓ No obfuscation techniques (base64, eval, etc.)
✓ File operations scoped to user-provided book directory
✓ Uses standard, well-audited libraries (rich, PyYAML)
✓ Documentation accurately describes all implemented functionality
✓ No hidden functionality or shadow features