Low Risk — Risk Score 20/100
Last scan: 17 hr ago
zhua-distributed
Zhuazhua (爪爪) distributed deployment system: multi-instance coordination, load balancing, and failover
A minimal, benign distributed system init script that creates local config files with no network, credential, or execution risks; the only concern is incomplete allowed-tools declaration in SKILL.md.
Skill Name: zhua-distributed
Duration: 33.1s
Engine: pi
Safe to install
Add explicit allowed-tools declaration and filesystem:WRITE permission to SKILL.md for the config directory write operation to fully document the skill's capabilities.

Findings 2 items

Severity Finding Location
Low
SKILL.md missing allowed-tools declaration Doc Mismatch
SKILL.md has no allowed-tools section. The script init_master.py performs filesystem:WRITE to ~/.zhua/distributed/ which is not formally declared.
No allowed-tools declaration found in frontmatter
→ Add an allowed-tools declaration to SKILL.md frontmatter, e.g. allowed-tools: Read, Write, Bash
SKILL.md:1
Low
Placeholder scripts with no real functionality Doc Mismatch
example.py is a placeholder with TODO comments. While not malicious, it indicates incomplete implementation.
TODO: Add actual script logic here
→ Either implement meaningful functionality or remove placeholder scripts
scripts/example.py:1
Resource Declared Inferred Status Evidence
Filesystem NONE WRITE ✗ Violation scripts/init_master.py:21 — Path.home() / ".zhua" / "distributed" with mkdir par…
Network NONE NONE No network activity found in any script
Shell NONE NONE No subprocess or shell execution in any script
Environment NONE NONE No os.environ access found
Database NONE NONE No database access found
Clipboard NONE NONE No clipboard access found
Browser NONE NONE No browser access found
Skill Invoke NONE NONE No skill invocation found

File Tree

5 files · 6.4 KB · 216 lines
Markdown 2f · 122L Python 2f · 70L Text 1f · 24L
├─ 📁 assets
│ └─ 📄 example_asset.txt Text 24L · 865 B
├─ 📁 references
│ └─ 📝 api_reference.md Markdown 34L · 967 B
├─ 📁 scripts
│ ├─ 🐍 example.py Python 19L · 591 B
│ └─ 🐍 init_master.py Python 51L · 1.3 KB
└─ 📝 SKILL.md Markdown 88L · 2.8 KB

Security Positives

✓ No network requests, external IPs, or data exfiltration
✓ No credential harvesting or environment variable access
✓ No shell execution, subprocess, or curl/wget usage
✓ No base64, obfuscation, or anti-analysis patterns
✓ No sensitive paths (~/.ssh, ~/.aws, .env) accessed
✓ Simple, transparent Python code with no hidden functionality
✓ All reference docs and assets are clearly marked as placeholders
✓ No malicious indicators in pre-scan IOCs