扫描报告
0 /100
Thesaurus
Lightweight Thesaurus tracker with history and export capabilities
This is a genuine thesaurus/logging utility that behaves exactly as documented, with no hidden functionality, network access, or credential harvesting.
可以安装
This skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | scripts/script.sh:1 - bash shebang required for CLI tool |
| 文件系统 | WRITE | WRITE | ✓ 一致 | scripts/script.sh:7 - writes to ~/.local/share/thesaurus/ |
| 网络访问 | NONE | NONE | — | No network calls in script; claims 'offline-only' are accurate |
| 环境变量 | NONE | NONE | — | No environment variable access for sensitive data |
| 凭据 | NONE | NONE | — | No credential access observed |
3 项发现
中危 外部 URL 外部 URL
https://bytesagain.com SKILL.md:6 中危 外部 URL 外部 URL
https://bytesagain.com/feedback/ SKILL.md:98 提示 邮箱 邮箱地址
[email protected] SKILL.md:101 目录结构
2 文件 · 14.4 KB · 414 行 Shell 1f · 313L
Markdown 1f · 101L
├─
▾
scripts
│ └─
script.sh
Shell
└─
SKILL.md
Markdown
安全亮点
✓ Script behavior exactly matches SKILL.md documentation
✓ No network calls - truly offline as claimed
✓ No credential or sensitive file access
✓ No obfuscation techniques (base64, eval, etc.)
✓ No remote script execution patterns
✓ No persistence mechanisms (cron, startup hooks)
✓ All file operations scoped to declared ~/.local/share/thesaurus/
✓ Simple timestamped logging with no hidden data exfiltration
✓ Standard bash utilities only (date, wc, grep, tail, cat)