Scan Report
5/100
stitch-design-agent
Skill for integrating Google Stitch designs into apps via OAuth authentication and API calls
This is a documentation-only skill that describes a legitimate Google Stitch design integration workflow with all capabilities properly declared in SKILL.md.
OK to install
No action required. The skill consists solely of documentation describing standard OAuth authentication and build tool usage.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | WRITE | WRITE | ✓ Consistent | SKILL.md lines 94-102 describe fs.writeFileSync usage |
| Network access | READ | READ | ✓ Consistent | SKILL.md lines 46-68 describe OAuth and API calls to Google endpoints |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md lines 109-113 describe execSync calls for build tools |
1 finding
Medium severity: External URL
https://accounts.google.com/o/oauth2/v2/auth (SKILL.md:39)
Directory structure
1 file · 7.4 KB · 256 lines
Markdown 1f · 256L
└─ SKILL.md (Markdown)
Security highlights
✓ All capabilities explicitly declared in SKILL.md documentation
✓ No executable code or scripts present - documentation only
✓ OAuth flow uses legitimate Google endpoints (accounts.google.com, oauth2.googleapis.com)
✓ Stitch API endpoint is a legitimate Google service (stitch.googleapis.com)
✓ File operations scoped to feature-specific paths (src/components/)
✓ Shell commands limited to standard development tools (npm, npx, tsc, grep)
✓ No obfuscation, base64 encoding, or suspicious patterns detected
✓ No credential harvesting or exfiltration behavior
✓ No sensitive path access (~/.ssh, ~/.aws, .env files not accessed)