Scan Report
0 /100
file-indexer
Fast filesystem catalog for finding files by name, date, type, or size. Indexes metadata only (no content). Uses SQLite for instant lookups.
Legitimate file metadata indexer with solid security controls — indexes only filenames/sizes/dates in SQLite from restricted directories with no network access or credential exposure.
Safe to install
Skill is safe to use. Consider adding explicit database:WRITE declaration in allowed-tools if your framework requires it.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/indexer.py:88 - os.walk(root) |
| Database | NONE | WRITE | ✓ Aligned | scripts/indexer.py:39 - sqlite3.connect(DB_PATH) |
| Network | NONE | NONE | — | No network imports or requests |
| Shell | NONE | NONE | — | No subprocess/os.system calls |
| Environment | NONE | NONE | — | No os.environ access |
File Tree
2 files · 10.0 KB · 308 lines Python 1f · 243L
Markdown 1f · 65L
├─
▾
scripts
│ └─
indexer.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ Indexes only metadata (name, size, date, extension) — no file contents ever read
✓ Strict ALLOWED_ROOTS limits scanning to ~/Documenti and ~/Scaricati only
✓ BLOCKED_DIRS excludes .ssh, .gnupg, .config, credentials, .cache, .Trash and other sensitive paths
✓ No network requests — fully air-gapped operation
✓ No shell execution or subprocess usage
✓ No credential or environment variable access
✓ SQLite with parameterized queries — no SQL injection risk
✓ Uses INSERT OR REPLACE — idempotent and safe for rebuilds
✓ SKILL.md accurately describes behavior with clear security documentation