Low Risk — Risk Score 12/100
Last scan: 1 day ago
desktop-automation-pro
Desktop GUI automation toolkit for browser, mobile devices, and native applications
Legitimate desktop GUI automation toolkit using pyautogui and pywinauto with no malicious behavior, network calls, or credential access detected.
Skill Name: desktop-automation-pro
Duration: 35.4s
Engine: pi
Safe to install
Approve for use. Consider pinning dependency versions in a requirements.txt for supply-chain hygiene.

Findings 2 items

Severity: Low
Finding: Dependencies not pinned (Supply Chain)
No requirements.txt or package.json exists. SKILL.md installation instructions use unpinned pip install commands (pyautogui, pywinauto, pillow), allowing any version to be pulled.
pip install pyautogui pywinauto pillow
→ Add a requirements.txt with pinned versions (e.g., pyautogui==0.9.54) to ensure reproducible and secure builds.
Location: SKILL.md:113

Severity: Low
Finding: Shell execution not explicitly declared (Doc Mismatch)
SKILL.md states 'Python scripts via exec' for native app automation but does not explicitly declare shell:WRITE in the capability model. The exec tool maps to shell:WRITE which is a significant capability.
Native App Automation / 原生应用自动化: For Windows native applications, use Python scripts via exec
→ Explicitly declare shell:WRITE in SKILL.md capability table and document the scope of allowed script execution.
Location: SKILL.md:54

Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | SKILL.md screenshot writes to output file; pyautogui_demo.py:89 screenshot.save(…
Shell | NONE | WRITE | ✓ Aligned | SKILL.md mentions 'Python scripts via exec' for native app automation but does n…
Network | NONE | NONE | | Neither script makes any network requests
Browser | READ | READ | ✓ Aligned | SKILL.md declares browser tool usage for Chromium automation
Clipboard | NONE | NONE | | No clipboard access in scripts

File Tree

3 files · 15.8 KB · 546 lines
Python 2f · 299L Markdown 1f · 247L
├─ 📁 scripts
│ ├─ 🐍 pyautogui_demo.py Python 142L · 4.5 KB
│ └─ 🐍 pywinauto_demo.py Python 157L · 4.4 KB
└─ 📝 SKILL.md Markdown 247L · 6.9 KB

Dependencies 3 items

Package | Version | Source | Known Vulns | Notes
pyautogui | unpinned | pip | No | No version specified in SKILL.md install instructions
pywinauto | unpinned | pip | No | No version specified in SKILL.md install instructions
pillow | unpinned | pip | No | No version specified in SKILL.md install instructions

Security Positives

✓ pyautogui_demo.py enables FAILSAFE protection (pyautogui.FAILSAFE = True), so moving the mouse to a screen corner aborts operations
✓ Scripts are well-documented with docstrings and bilingual comments explaining each function
✓ No network requests, external IP connections, or data exfiltration detected in any script
✓ No credential harvesting, environment variable iteration for secrets, or sensitive file access
✓ No base64 encoding, eval(), or obfuscated code patterns present
✓ No curl|bash or wget|sh remote script execution
✓ Argparse-based CLI with input validation — no arbitrary command injection vectors
✓ No hidden HTML comments, embedded payloads, or steganographic elements