Scan Report
0 /100
cogdx-feedback
FREE cognitive feedback verification for AI agents via Cerebratech CogDx API. Submits performance data to verify retraining improvement and earns diagnostic credits.
Pure documentation skill with only declared external API calls; no executable code, scripts, or hidden behavior detected.
Safe to install
Skill is safe to use. No action required. Users should note that agent performance data is sent to an external Cerebratech API, which is clearly declared in SKILL.md.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access in any file |
| Network | READ | READ | ✓ Aligned | SKILL.md declares POST https://api.cerebratech.ai/feedback |
| Shell | NONE | NONE | — | No shell execution in any file |
| Environment | NONE | NONE | — | No environment variable access in any file |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation in any file |
| Clipboard | NONE | NONE | — | No clipboard access in any file |
| Browser | NONE | NONE | — | No browser automation in any file |
| Database | NONE | NONE | — | No database access in any file |
2 findings
Medium External URL 外部 URL
https://api.cerebratech.ai/feedback SKILL.md:23 Medium External URL 外部 URL
https://api.cerebratech.ai/catalog references/api.md:59 File Tree
2 files · 5.0 KB · 155 lines Markdown 2f · 155L
├─
▾
references
│ └─
api.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill — no executable code or scripts present
✓ All network behavior (single POST to api.cerebratech.ai) is fully declared in SKILL.md with complete payload schema
✓ MIT license and public GitHub repository (github.com/drkavner/cogdx) provide verifiable provenance
✓ No credential harvesting, environment variable access, or sensitive file paths
✓ No obfuscation, base64 encoding, or hidden functionality
✓ No supply chain dependencies (no requirements.txt, package.json, Cargo.toml, etc.)
✓ Clean pre-scan: no .env files, no binary files, no sensitive files detected
✓ No privilege escalation, persistence, or prompt injection patterns