Scan Report
20/100
feishu-doc-block-writer
Feishu document Block-splitting write skill - automatically splits long content into multiple Blocks and writes them to a Feishu document
Documentation-only skill referencing non-existent implementation scripts - no actual malicious code present, but SKILL.md promises functionality that doesn't exist.
Can be installed
This skill references scripts/block-writer.py, which is not included in the package. Either add the implementation files or update SKILL.md to clarify that this is a documentation-only reference skill.
Security findings: 2
| Severity | Security finding | Location |
|---|---|---|
| Low | Missing Implementation Files (documentation deception) | SKILL.md:53 |
| Info | Unverified Tool Usage (documentation deception) | SKILL.md:13 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | — | SKILL.md mentions script paths but no files exist |
| Network access | NONE | NONE | — | No network calls in documentation or code |
| Command execution | NONE | NONE | — | SKILL.md shows bash examples but no scripts exist |
| Environment variables | NONE | NONE | — | No environment variable access documented |
| Skill invocation | NONE | READ | ✓ Consistent | SKILL.md: mentions feishu_doc tool usage (create/append methods) |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | Mentions auto_open_chrome config but no actual browser automation code |
| Database | NONE | NONE | — | No database access documented |
Directory structure
2 files · 7.5 KB · 368 lines
Markdown 1f · 349L
JSON 1f · 19L
├─ skill.json (JSON)
└─ SKILL.md (Markdown)
Security highlights
✓ No malicious code or scripts present in the package
✓ No credential harvesting or environment variable access
✓ No network calls or data exfiltration mechanisms
✓ No obfuscated code or base64-encoded payloads
✓ No suspicious file access patterns (no ~/.ssh, ~/.aws, .env access)
✓ No supply chain risks (no external dependencies)
✓ Clean JSON metadata with proper MIT license