Trusted: risk score 5/100
Last scanned: 1 day ago
security-shield-enhanced
Defense against prompt injection, jailbreaks, social engineering, and credential leakage with enhanced workflow compatibility.
Pure documentation skill containing security best practices and guidance with no executable components, network access, or sensitive resource interactions.
Skill name: security-shield-enhanced
Analysis time: 30.0s
Engine: pi
Can be installed
No action required. The skill is a defensive reference guide with no security risks. Consider clarifying placeholder values in crypto-examples.md to use clearly-fake formats (e.g., FAKE_PASSWORD_XXXX) to avoid confusion.

Security findings: 1

Severity: Low
Finding: Placeholder value resembles real credential (Documentation deception)
Location: references/crypto-examples.md:53
crypto-examples.md:53 uses 'user-password-here' as placeholder. While labeled as placeholder, using password-like formats can be confusing. Consider using clearly-fake format like 'FAKE_PASSWORD_REPLACE_ME'.
password = "user-password-here"  # placeholder
→ Use clearly artificial placeholder patterns like 'FAKE_PASSWORD_XXXX' or 'REPLACE_WITH_YOUR_VALUE' that cannot be mistaken for real credentials.
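
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | NONE | NONE | | No file operations in any documentation |
| Network access | NONE | NONE | | No network requests or external calls |
| Command execution | NONE | NONE | | No shell execution capability |
| Environment variables | NONE | NONE | | No environment variable access |
| Skill invocation | NONE | NONE | | No skill invocation capability |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser capability |
| Database | NONE | NONE | | No database access |
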
1 high severity · 3 findings
High · API key · Suspected hardcoded credential
password = "user-password-here"
references/crypto-examples.md:53
Medium · External URL · External URL
https://target.com
references/audit-checklist.md:156
Info · Email · Email address
[email protected]
references/crypto-examples.md:66

Directory structure

8 files · 33.1 KB · 1338 lines
Markdown 7f · 1313L, JSON 1f · 25L
├─ 📁 references
│ ├─ 📝 attack-patterns.md Markdown 115L · 3.8 KB
│ ├─ 📝 audit-checklist.md Markdown 212L · 5.5 KB
│ ├─ 📝 crypto-examples.md Markdown 182L · 4.3 KB
│ └─ 📝 security-best-practices.md Markdown 299L · 6.5 KB
├─ 📋 _meta.json JSON 25L · 783 B
├─ 📝 README.md Markdown 107L · 3.2 KB
├─ 📝 SKILL.md Markdown 233L · 5.7 KB
└─ 📝 USAGE-GUIDE.md Markdown 165L · 3.3 KB

Security highlights

✓ No executable code or scripts present - purely documentation
✓ No network access or external communications
✓ No filesystem access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration behavior
✓ Defensive security skill designed to protect against attacks
✓ Comprehensive security guidance following industry best practices
✓ References OWASP, NIST, and standard security frameworks
✓ Skill explicitly states pattern-strings: false - no hidden prompt content
✓ MIT-0 license allows unrestricted use