Scan Report
0/100
smart-prompt-builder
Smart Prompt Builder - generates optimized writing prompts based on corpus retrieval results
This is a legitimate prompt-building tool for creative writing that performs exactly as documented with no security concerns.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | build_prompt.py:85 - yaml.safe_load() for style.yml |
| Filesystem | WRITE | WRITE | ✓ Aligned | build_prompt.py:351 - open(args.output, 'w') for output file |
| Network | NONE | NONE | — | No network imports or requests in code |
| Shell | NONE | NONE | — | No subprocess or os.system calls in code |
| Environment | NONE | NONE | — | No os.environ access for credential harvesting |
| Clipboard | NONE | NONE | — | No clipboard module imported |
| Browser | NONE | NONE | — | No browser or web automation imports |
| Database | NONE | NONE | — | No database imports |
File Tree
5 files · 25.4 KB · 903 lines
Python 1f · 487L
Markdown 2f · 392L
YAML 1f · 23L
Text 1f · 1L
├─ assets
│  └─ style.yml (YAML)
├─ scripts
│  ├─ build_prompt.py (Python)
│  ├─ README.md (Markdown)
│  └─ requirements.txt (Text)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| rich | >=12.0.0 | pip | No | Standard terminal rendering library |
| PyYAML | not specified | pip | No | YAML parsing library |
Security Positives
✓ Code matches documentation exactly - no hidden functionality
✓ No shell execution or subprocess calls
✓ No network requests - all processing is local
✓ Uses yaml.safe_load() for safe YAML parsing
✓ No credential harvesting or environment variable access
✓ No access to sensitive paths (~/.ssh, ~/.aws, etc.)
✓ No obfuscation techniques (base64, eval, exec)
✓ Dependencies are standard, legitimate libraries (rich, PyYAML)
✓ Pinned dependency versions in requirements.txt
✓ Clean, well-documented code with proper error handling