中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:2 days ago Rescan
0 /100
post-dev-verification
Post-development full-stack verification skill. Automatically triggers after development tasks complete to run production-level validation with real-execution-first philosophy.
Pure documentation-only skill defining a post-development testing methodology. No executable code, scripts, or binaries exist. The skill describes a legitimate testing workflow using AI Agent tools, fully documented with no hidden behavior.
Skill Namepost-dev-verification
Duration24.8s
Enginepi
Safe to install
This skill is safe to use. The AI Agent running it will need shell, filesystem, and network access via standard tools, but all capabilities are explicitly declared in SKILL.md metadata and documentation.
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md metadata: capabilities includes 'read_project_files'
Shell WRITE WRITE ✓ Aligned SKILL.md Phase 2: 'start services', 'run tests', 'run migrations' imply shell:WR…
Network READ READ ✓ Aligned SKILL.md Phase 2: 'HTTP requests to running services', 'E2E layer' implies netwo…
Environment READ READ ✓ Aligned SKILL.md safety section: 'environment-variable tokens' -- only reads, does not e…
1 findings
🔗
Medium External URL 外部 URL
http://json-schema.org/draft-07/schema#
references/feedback-schema.md:23

File Tree

6 files · 99.3 KB · 2041 lines
Markdown 6f · 2041L
├─ 📁 references
│ ├─ 📝 anti-patterns.md Markdown 295L · 14.3 KB
│ ├─ 📝 feedback-schema.md Markdown 472L · 21.5 KB
│ ├─ 📝 metrics.md Markdown 351L · 18.4 KB
│ ├─ 📝 real-e2e-templates.md Markdown 409L · 12.1 KB
│ └─ 📝 test-taxonomy.md Markdown 137L · 15.8 KB
└─ 📝 SKILL.md Markdown 377L · 17.4 KB

Security Positives

✓ No executable code or scripts -- all files are pure Markdown documentation
✓ All capabilities explicitly declared in SKILL.md metadata section
✓ Safety guardrails clearly documented: test/sandbox environment, test credentials only, Phase 0 review before execution
✓ No credential harvesting or exfiltration behavior described
✓ No base64, eval, obfuscation, or other high-risk patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) described or required
✓ Network access limited to testing target services, not external C2 or data theft
✓ Doc-to-code alignment is perfect -- this is a documentation-only skill with no code gap