Scan Report
0 /100
a2a-code-audit
Static code analysis for security vulnerabilities, style violations, and bugs using platform tools.
A minimal static code analysis skill with only documentation files and no executable code. No malicious behavior, credential access, network exfiltration, or hidden functionality detected.
Safe to install
No action required. This skill contains only documentation describing a pattern-based static analysis tool. If deploying, ensure the platform exec tool usage aligns with your security policy.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations described or implemented |
| Network | NONE | NONE | — | No network calls described or implemented |
| Shell | NONE | NONE | — | No shell execution in code (only vague 'platform exec tool' reference in docs) |
| Environment | NONE | NONE | — | No environment variable access described or implemented |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation described |
| Clipboard | NONE | NONE | — | No clipboard access described |
| Browser | NONE | NONE | — | No browser automation described |
| Database | NONE | NONE | — | No database access described or implemented |
File Tree
3 files · 2.5 KB · 121 lines Markdown 1f · 103L
YAML 1f · 10L
JSON 1f · 8L
├─
_meta.json
JSON
├─
skill.md
Markdown
└─
skill.yaml
YAML
Security Positives
✓ No executable code files present - skill is purely documentation
✓ No dependencies or package files (requirements.txt, package.json, etc.)
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env access)
✓ No network requests or external IP connections
✓ No credential harvesting or exfiltration
✓ No shell script execution or remote code download
✓ No base64 encoding/decoding or obfuscation patterns
✓ MIT-0 license indicates permissive, well-documented licensing