guoshun-bid-doc-analyzer 安全扫描报告 — 可信 | ClawSafe

5 /100

guoshun-bid-doc-analyzer

国顺招标文件分析技能 - 江苏国顺智能科技有限公司专用。自动分析招标文件（PDF），输出结构化投标决策支持报告。

A legitimate Chinese bidding document analyzer skill with no security issues. The skill uses pdfplumber to extract PDF text and generates structured tender/bid analysis reports for a construction company.

技能名称guoshun-bid-doc-analyzer

分析耗时26.6s

引擎pi

✓

可以安装

No action required. The skill is safe to deploy and use.

安全发现 1 项

严重性	安全发现	位置
低危	Dependency not pinned in SKILL.md 供应链 The SKILL.md references pdfplumber as the PDF extraction library but does not explicitly declare it as a dependency in documentation. The Python script handles the ImportError gracefully. `PDF读取使用 pdfplumber 或 pdftotext` → Add a 'Dependencies' section listing pdfplumber as required.	`SKILL.md:190`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md states PDF file upload; extract_pdf.py reads PDF files only
网络访问	`NONE`	`NONE`	—	No network requests found in any file
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution in scripts/extract_pdf.py
环境变量	`NONE`	`NONE`	—	No os.environ access in Python script
技能调用	`READ`	`READ`	✓ 一致	SKILL.md documents invocation via user file upload

目录结构

3 文件 · 23.8 KB · 696 行

Markdown 2f · 631L Python 1f · 65L

├─ ▾ 📁 references

│ └─ 📝 sample-projects.md Markdown 404L · 14.6 KB

├─ ▾ 📁 scripts

│ └─ 🐍 extract_pdf.py Python 65L · 1.9 KB

└─ 📝 SKILL.md Markdown 227L · 7.3 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`pdfplumber`	`*`	pip	否	Not pinned; ImportError handled gracefully

安全亮点

✓ No credential access or harvesting detected

✓ No network requests or data exfiltration

✓ No shell execution or code obfuscation

✓ Documentation accurately reflects the Python script's functionality

✓ No suspicious file paths accessed (~/.ssh, ~/.aws, .env)

✓ Clean Python code with no high-risk patterns (base64, eval, subprocess)

✓ References sample projects for legitimate business context

✓ Skill is scoped to PDF analysis only with no hidden functionality