扫描报告
5 /100
buddy_mode
A living digital companion that grows with the user through virtual buddy creatures
Buddy Mode is a benign gamification skill that renders virtual companion creatures. No malicious code, network activity, credential access, or hidden functionality detected.
可以安装
This skill is safe to use. It requires only filesystem:WRITE for state persistence (~/.buddy_mode_state.json) and no network access.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ+WRITE | WRITE | ✓ 一致 | buddy.py:333,341 - only accesses ~/.buddy_mode_state.json |
| 网络访问 | NONE | NONE | — | No http/urllib/socket imports found |
| 命令执行 | NONE | NONE | — | No os.system, subprocess, or shell=True found |
| 环境变量 | NONE | READ | ✓ 一致 | buddy.py:78,561,563 - only reads BUDDY_STATE_FILE, NO_COLOR, TERM (legitimate) |
目录结构
6 文件 · 124.1 KB · 2920 行 Python 2f · 2007L
Markdown 3f · 862L
Shell 1f · 51L
├─
▾
scripts
│ ├─
buddy.py
Python
│ ├─
check.sh
Shell
│ └─
theme_data.py
Python
├─
CHANGELOG.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Uses only Python standard library (argparse, json, os, random, sys, textwrap, unicodedata, pathlib)
✓ No network requests or external connections
✓ No credential or sensitive path access (.ssh, .aws, .env)
✓ State persistence is user-local (~/.buddy_mode_state.json)
✓ SKILL.md accurately documents all functionality
✓ check.sh is a validation script with no side effects
✓ theme_data.py contains only static buddy definitions
✓ No base64, eval, exec, or code execution vulnerabilities
✓ No remote script execution (curl|bash, wget|sh)