Scan Report
5 /100
buddy_mode
A living digital companion that grows with the user through virtual buddy creatures
Buddy Mode is a benign gamification skill that renders virtual companion creatures. No malicious code, network activity, credential access, or hidden functionality detected.
Safe to install
This skill is safe to use. It requires only filesystem:WRITE for state persistence (~/.buddy_mode_state.json) and no network access.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ+WRITE | WRITE | ✓ Aligned | buddy.py:333,341 - only accesses ~/.buddy_mode_state.json |
| Network | NONE | NONE | — | No http/urllib/socket imports found |
| Shell | NONE | NONE | — | No os.system, subprocess, or shell=True found |
| Environment | NONE | READ | ✓ Aligned | buddy.py:78,561,563 - only reads BUDDY_STATE_FILE, NO_COLOR, TERM (legitimate) |
File Tree
6 files · 124.1 KB · 2920 lines Python 2f · 2007L
Markdown 3f · 862L
Shell 1f · 51L
├─
▾
scripts
│ ├─
buddy.py
Python
│ ├─
check.sh
Shell
│ └─
theme_data.py
Python
├─
CHANGELOG.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library (argparse, json, os, random, sys, textwrap, unicodedata, pathlib)
✓ No network requests or external connections
✓ No credential or sensitive path access (.ssh, .aws, .env)
✓ State persistence is user-local (~/.buddy_mode_state.json)
✓ SKILL.md accurately documents all functionality
✓ check.sh is a validation script with no side effects
✓ theme_data.py contains only static buddy definitions
✓ No base64, eval, exec, or code execution vulnerabilities
✓ No remote script execution (curl|bash, wget|sh)