扫描报告
0 /100
smart-prompt-builder
智能提示构建器 - 根据语料库检索结果生成优化的写作提示
This is a legitimate prompt-building tool for creative writing that performs exactly as documented with no security concerns.
可以安装
No action needed. The skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | build_prompt.py:85 - yaml.safe_load() for style.yml |
| 文件系统 | WRITE | WRITE | ✓ 一致 | build_prompt.py:351 - open(args.output, 'w') for output file |
| 网络访问 | NONE | NONE | — | No network imports or requests in code |
| 命令执行 | NONE | NONE | — | No subprocess or os.system calls in code |
| 环境变量 | NONE | NONE | — | No os.environ access for credential harvesting |
| 剪贴板 | NONE | NONE | — | No clipboard module imported |
| 浏览器 | NONE | NONE | — | No browser or web automation imports |
| 数据库 | NONE | NONE | — | No database imports |
目录结构
5 文件 · 25.4 KB · 903 行 Python 1f · 487L
Markdown 2f · 392L
YAML 1f · 23L
Text 1f · 1L
├─
▾
assets
│ └─
style.yml
YAML
├─
▾
scripts
│ ├─
build_prompt.py
Python
│ ├─
README.md
Markdown
│ └─
requirements.txt
Text
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
rich | >=12.0.0 | pip | 否 | Standard terminal rendering library |
PyYAML | not specified | pip | 否 | YAML parsing library |
安全亮点
✓ Code matches documentation exactly - no hidden functionality
✓ No shell execution or subprocess calls
✓ No network requests - all processing is local
✓ Uses yaml.safe_load() for safe YAML parsing
✓ No credential harvesting or environment variable access
✓ No access to sensitive paths (~/.ssh, ~/.aws, etc.)
✓ No obfuscation techniques (base64, eval, exec)
✓ Dependencies are standard, legitimate libraries (rich, PyYAML)
✓ Pinned dependency versions in requirements.txt
✓ Clean, well-documented code with proper error handling