扫描报告
0 /100
file-indexer
Fast filesystem catalog for finding files by name, date, type, or size. Indexes metadata only (no content). Uses SQLite for instant lookups.
Legitimate file metadata indexer with solid security controls — indexes only filenames/sizes/dates in SQLite from restricted directories with no network access or credential exposure.
可以安装
Skill is safe to use. Consider adding explicit database:WRITE declaration in allowed-tools if your framework requires it.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | scripts/indexer.py:88 - os.walk(root) |
| 数据库 | NONE | WRITE | ✓ 一致 | scripts/indexer.py:39 - sqlite3.connect(DB_PATH) |
| 网络访问 | NONE | NONE | — | No network imports or requests |
| 命令执行 | NONE | NONE | — | No subprocess/os.system calls |
| 环境变量 | NONE | NONE | — | No os.environ access |
目录结构
2 文件 · 10.0 KB · 308 行 Python 1f · 243L
Markdown 1f · 65L
├─
▾
scripts
│ └─
indexer.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ Indexes only metadata (name, size, date, extension) — no file contents ever read
✓ Strict ALLOWED_ROOTS limits scanning to ~/Documenti and ~/Scaricati only
✓ BLOCKED_DIRS excludes .ssh, .gnupg, .config, credentials, .cache, .Trash and other sensitive paths
✓ No network requests — fully air-gapped operation
✓ No shell execution or subprocess usage
✓ No credential or environment variable access
✓ SQLite with parameterized queries — no SQL injection risk
✓ Uses INSERT OR REPLACE — idempotent and safe for rebuilds
✓ SKILL.md accurately describes behavior with clear security documentation