扫描报告
0 /100
a2a-code-audit
Static code analysis for security vulnerabilities, style violations, and bugs using platform tools.
A minimal static code analysis skill with only documentation files and no executable code. No malicious behavior, credential access, network exfiltration, or hidden functionality detected.
可以安装
No action required. This skill contains only documentation describing a pattern-based static analysis tool. If deploying, ensure the platform exec tool usage aligns with your security policy.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations described or implemented |
| 网络访问 | NONE | NONE | — | No network calls described or implemented |
| 命令执行 | NONE | NONE | — | No shell execution in code (only vague 'platform exec tool' reference in docs) |
| 环境变量 | NONE | NONE | — | No environment variable access described or implemented |
| 技能调用 | NONE | NONE | — | No cross-skill invocation described |
| 剪贴板 | NONE | NONE | — | No clipboard access described |
| 浏览器 | NONE | NONE | — | No browser automation described |
| 数据库 | NONE | NONE | — | No database access described or implemented |
目录结构
3 文件 · 2.5 KB · 121 行 Markdown 1f · 103L
YAML 1f · 10L
JSON 1f · 8L
├─
_meta.json
JSON
├─
skill.md
Markdown
└─
skill.yaml
YAML
安全亮点
✓ No executable code files present - skill is purely documentation
✓ No dependencies or package files (requirements.txt, package.json, etc.)
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env access)
✓ No network requests or external IP connections
✓ No credential harvesting or exfiltration
✓ No shell script execution or remote code download
✓ No base64 encoding/decoding or obfuscation patterns
✓ MIT-0 license indicates permissive, well-documented licensing