中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:2 天前 重新扫描
0 /100
post-dev-verification
Post-development full-stack verification skill. Automatically triggers after development tasks complete to run production-level validation with real-execution-first philosophy.
Pure documentation-only skill defining a post-development testing methodology. No executable code, scripts, or binaries exist. The skill describes a legitimate testing workflow using AI Agent tools, fully documented with no hidden behavior.
技能名称post-dev-verification
分析耗时24.8s
引擎pi
可以安装
This skill is safe to use. The AI Agent running it will need shell, filesystem, and network access via standard tools, but all capabilities are explicitly declared in SKILL.md metadata and documentation.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md metadata: capabilities includes 'read_project_files'
命令执行 WRITE WRITE ✓ 一致 SKILL.md Phase 2: 'start services', 'run tests', 'run migrations' imply shell:WR…
网络访问 READ READ ✓ 一致 SKILL.md Phase 2: 'HTTP requests to running services', 'E2E layer' implies netwo…
环境变量 READ READ ✓ 一致 SKILL.md safety section: 'environment-variable tokens' -- only reads, does not e…
1 项发现
🔗
中危 外部 URL 外部 URL
http://json-schema.org/draft-07/schema#
references/feedback-schema.md:23

目录结构

6 文件 · 99.3 KB · 2041 行
Markdown 6f · 2041L
├─ 📁 references
│ ├─ 📝 anti-patterns.md Markdown 295L · 14.3 KB
│ ├─ 📝 feedback-schema.md Markdown 472L · 21.5 KB
│ ├─ 📝 metrics.md Markdown 351L · 18.4 KB
│ ├─ 📝 real-e2e-templates.md Markdown 409L · 12.1 KB
│ └─ 📝 test-taxonomy.md Markdown 137L · 15.8 KB
└─ 📝 SKILL.md Markdown 377L · 17.4 KB

安全亮点

✓ No executable code or scripts -- all files are pure Markdown documentation
✓ All capabilities explicitly declared in SKILL.md metadata section
✓ Safety guardrails clearly documented: test/sandbox environment, test credentials only, Phase 0 review before execution
✓ No credential harvesting or exfiltration behavior described
✓ No base64, eval, obfuscation, or other high-risk patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) described or required
✓ Network access limited to testing target services, not external C2 or data theft
✓ Doc-to-code alignment is perfect -- this is a documentation-only skill with no code gap