Scan Report
0 /100
Thesaurus
Lightweight Thesaurus tracker with history and export capabilities
This is a genuine thesaurus/logging utility that behaves exactly as documented, with no hidden functionality, network access, or credential harvesting.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | scripts/script.sh:1 - bash shebang required for CLI tool |
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/script.sh:7 - writes to ~/.local/share/thesaurus/ |
| Network | NONE | NONE | — | No network calls in script; claims 'offline-only' are accurate |
| Environment | NONE | NONE | — | No environment variable access for sensitive data |
| credential | NONE | NONE | — | No credential access observed |
3 findings
Medium External URL 外部 URL
https://bytesagain.com SKILL.md:6 Medium External URL 外部 URL
https://bytesagain.com/feedback/ SKILL.md:98 Info Email 邮箱地址
[email protected] SKILL.md:101 File Tree
2 files · 14.4 KB · 414 lines Shell 1f · 313L
Markdown 1f · 101L
├─
▾
scripts
│ └─
script.sh
Shell
└─
SKILL.md
Markdown
Security Positives
✓ Script behavior exactly matches SKILL.md documentation
✓ No network calls - truly offline as claimed
✓ No credential or sensitive file access
✓ No obfuscation techniques (base64, eval, etc.)
✓ No remote script execution patterns
✓ No persistence mechanisms (cron, startup hooks)
✓ All file operations scoped to declared ~/.local/share/thesaurus/
✓ Simple timestamped logging with no hidden data exfiltration
✓ Standard bash utilities only (date, wc, grep, tail, cat)