Scan Report
5 /100
windows-package-manager-installer
Install Windows software and package manager environments using winget or Chocolatey
Pure documentation skill for Windows package management guidance with no executable code, no hidden functionality, and all capabilities properly declared.
Safe to install
This skill is safe to use. It provides only documentation and guidance for legitimate package manager operations. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access - this is a documentation skill |
| Network | NONE | NONE | — | No network calls - only provides URL references for user to execute |
| Shell | NONE | NONE | — | No shell execution - only documents PowerShell commands for user reference |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No skill invocation capability |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://community.chocolatey.org/install.ps1 SKILL.md:143 Medium External URL 外部 URL
https://mirrors.tuna.tsinghua.edu.cn/chocolatey/ SKILL.md:150 File Tree
2 files · 8.7 KB · 225 lines Markdown 2f · 225L
├─
▾
references
│ └─
package-selection.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code - no attack surface
✓ All external URLs (Chocolatey install script, Tsinghua mirror) are clearly documented with legitimate purposes
✓ Documentation accurately describes intended behavior - no doc-to-code mismatch
✓ No credential access or data exfiltration potential
✓ Commands provided are standard PowerShell package manager operations
✓ Includes appropriate guardrails and verification steps