中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
panews
Entry point for reading PANews cryptocurrency/blockchain news and market narratives
This is a pure-documentation PANews cryptocurrency news reading skill with no executable code present. All referenced files are markdown/YAML describing legitimate news-fetching workflows against the panewslab.com API.
Skill Namepanews
Duration36.8s
Enginepi
Safe to install
No action needed. The skill is safe but incomplete — the SKILL.md references a `scripts/cli.mjs` that does not exist in the package, making the skill non-functional.

Findings 1 items

Severity Finding Location
Low
Referenced CLI script does not exist
SKILL.md declares 'node scripts/cli.mjs' as the execution entrypoint, but the package contains no scripts/ directory or any executable code. The skill is pure documentation and cannot function.
node {Skills Directory}/panews/scripts/cli.mjs <command> [options]
→ Add the missing scripts/cli.mjs file to make the skill functional, or update SKILL.md to remove the CLI reference if this is meant to be a pure prompt-based skill.
 SKILL.md:53
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No filesystem access in any file
Network READ READ ✓ Aligned All network calls are GET requests to panewslab.com for news content
Shell WRITE NONE ✓ Aligned SKILL.md references 'node cli.mjs' but scripts/cli.mjs does not exist — shell ac…
Environment NONE NONE No environment variable access in any file
Skill Invoke NONE NONE No skill invocation in any file
Clipboard NONE NONE No clipboard access in any file
Browser NONE NONE No browser access in any file
Database NONE NONE No database access in any file
4 findings
🔗
Medium External URL 外部 URL
https://www.panewslab.com/
references/workflow-read-article.md:7
🔗
Medium External URL 外部 URL
https://www.panewslab.com/zh/abc123def
references/workflow-read-article.md:10
🔗
Medium External URL 外部 URL
https://panewslab.com/en/abc123def
references/workflow-read-article.md:11
🔗
Medium External URL 外部 URL
https://www.panewslab.com/abc123def
references/workflow-read-article.md:12

File Tree

14 files · 19.0 KB · 531 lines
Markdown 13f · 524L YAML 1f · 7L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 7L · 451 B
├─ 📁 references
│ ├─ 📝 workflow-calendar.md Markdown 33L · 1.2 KB
│ ├─ 📝 workflow-columns.md Markdown 31L · 928 B
│ ├─ 📝 workflow-events.md Markdown 40L · 1.3 KB
│ ├─ 📝 workflow-hooks.md Markdown 64L · 2.1 KB
│ ├─ 📝 workflow-latest-news.md Markdown 32L · 1022 B
│ ├─ 📝 workflow-read-article.md Markdown 30L · 954 B
│ ├─ 📝 workflow-search.md Markdown 41L · 1.4 KB
│ ├─ 📝 workflow-series.md Markdown 31L · 889 B
│ ├─ 📝 workflow-today-briefing.md Markdown 40L · 1.1 KB
│ ├─ 📝 workflow-topic-research.md Markdown 38L · 1.3 KB
│ ├─ 📝 workflow-topics.md Markdown 30L · 934 B
│ └─ 📝 workflow-trending.md Markdown 25L · 713 B
└─ 📝 SKILL.md Markdown 89L · 4.9 KB

Security Positives

✓ No executable code present — only documentation files
✓ No credential harvesting or environment variable access
✓ No base64/encoded payloads, eval, or shell command injection
✓ All network IOCs point to legitimate domain panewslab.com
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ No data exfiltration or external IP communication
✓ No hidden HTML comments or steganographic payloads
✓ No dependency files with unpinned versions or known vulnerabilities
✓ No reverse shell, C2, or privilege escalation patterns