中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
memorial-skill
AI remembrance skill for building memorial archives of deceased loved ones - supports text memory, persona reconstruction, voice cloning, and chat log analysis
Legitimate AI remembrance skill for building memorial archives of deceased loved ones. All functionality is properly declared in SKILL.md with no hidden malicious behavior.
Skill Namememorial-skill
Duration51.9s
Enginepi
Safe to install
No action needed. The skill is safe for use with the declared tool permissions.

Findings 2 items

Severity Finding Location
Low
Optional dependencies lack version pinning
requirements.txt specifies optional dependencies without version constraints (e.g., openai-whisper, pilk, noisereduce). This could lead to supply chain issues if untrusted versions are pulled.
pypinyin
Pillow
openai-whisper
→ Consider pinning versions for reproducible builds: openai-whisper==20231117
 requirements.txt:1
Info
WeChat database access is contextual
wechat_voice_extractor.py accesses WeChat's SQLite databases via pywxdump for extracting voice messages. This is a privacy-sensitive operation but is declared in SKILL.md as part of the memorial creation workflow.
# 自动完成:解密微信数据库 → 列出群聊/联系人 → 提取指定人的语音
→ Ensure users understand this requires them to have legitimate export of their own WeChat data
 tools/wechat_voice_extractor.py:1
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned All file operations scoped to project directories (memorials/, tools/)
Network READ READ ✓ Aligned Model downloads from HuggingFace/ModelScope declared in code comments
Shell WRITE WRITE ✓ Aligned subprocess used only for audio processing tools (ffmpeg) and GPT-SoVITS training
Environment NONE NONE No access to sensitive environment variables
Skill Invoke NONE NONE No dynamic skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser automation
Database NONE NONE SQLite access limited to WeChat database decryption for voice extraction
8 findings
🔗
Medium External URL 外部 URL
https://python.org
INSTALL.md:21
🔗
Medium External URL 外部 URL
https://download.pytorch.org/whl/cu128
INSTALL.md:80
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:7
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/Python-3.9%2B-blue.svg
README.md:8
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/Claude%20Code-Skill-blueviolet
README.md:9
🔗
Medium External URL 外部 URL
https://claude.ai/code
README.md:9
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/AgentSkills-Standard-green
README.md:10
🔗
Medium External URL 外部 URL
https://agentskills.io
README.md:10

File Tree

33 files · 282.0 KB · 7999 lines
Python 12f · 4277L Markdown 19f · 3667L JSON 1f · 29L Text 1f · 26L
├─ 📁 docs
│ └─ 📝 PRD.md Markdown 389L · 16.6 KB
├─ 📁 memorials
│ └─ 📁 example_grandpa
│ ├─ 📁 materials
│ │ └─ 📝 README.md Markdown 16L · 587 B
│ ├─ 📁 voice
│ │ └─ 📝 README.md Markdown 34L · 1.2 KB
│ ├─ 📋 meta.json JSON 29L · 878 B
│ ├─ 📝 persona.md Markdown 169L · 7.0 KB
│ ├─ 📝 remembrance.md Markdown 119L · 5.8 KB
│ └─ 📝 SKILL.md Markdown 306L · 13.5 KB
├─ 📁 prompts
│ ├─ 📝 correction_handler.md Markdown 83L · 2.0 KB
│ ├─ 📝 intake.md Markdown 212L · 5.6 KB
│ ├─ 📝 merger.md Markdown 94L · 2.6 KB
│ ├─ 📝 persona_analyzer.md Markdown 231L · 8.0 KB
│ ├─ 📝 persona_builder.md Markdown 132L · 3.1 KB
│ ├─ 📝 remembrance_analyzer.md Markdown 213L · 6.2 KB
│ ├─ 📝 remembrance_builder.md Markdown 100L · 1.6 KB
│ └─ 📝 subject_interview.md Markdown 177L · 4.7 KB
├─ 📁 tests
│ └─ 🐍 test_tools.py Python 248L · 8.5 KB
├─ 📁 tools
│ ├─ 🐍 audio_transcriber.py Python 326L · 12.1 KB
│ ├─ 🐍 interview_guide.py Python 445L · 17.6 KB
│ ├─ 🐍 photo_analyzer.py Python 247L · 9.0 KB
│ ├─ 🐍 qq_parser.py Python 258L · 8.8 KB
│ ├─ 🐍 skill_writer.py Python 442L · 11.8 KB
│ ├─ 🐍 version_manager.py Python 175L · 5.6 KB
│ ├─ 🐍 voice_preprocessor.py Python 380L · 13.6 KB
│ ├─ 🐍 voice_synthesizer.py Python 375L · 13.7 KB
│ ├─ 🐍 voice_trainer.py Python 613L · 22.8 KB
│ ├─ 🐍 wechat_parser.py Python 315L · 10.8 KB
│ └─ 🐍 wechat_voice_extractor.py Python 453L · 16.8 KB
├─ 📝 CLAUDE.md Markdown 141L · 7.3 KB
├─ 📝 INSTALL.md Markdown 168L · 4.9 KB
├─ 📝 README_EN.md Markdown 427L · 16.3 KB
├─ 📝 README.md Markdown 474L · 17.2 KB
├─ 📄 requirements.txt Text 26L · 668 B
└─ 📝 SKILL.md Markdown 182L · 5.1 KB

Dependencies 6 items

PackageVersionSourceKnown VulnsNotes
pypinyin unpinned pip No Optional, for Chinese slug generation
Pillow unpinned pip No Optional, for photo EXIF extraction
openai-whisper unpinned pip No Optional, for audio transcription
pilk unpinned pip No Optional, for WeChat silk audio decoding
noisereduce unpinned pip No Optional, for audio denoising
soundfile unpinned pip No Optional, for audio I/O

Security Positives

✓ All shell operations use subprocess with explicit command lists, no shell=True usage
✓ File operations are scoped to project directories (memorials/, tools/)
✓ No base64-encoded payloads or obfuscated code
✓ No credential harvesting or environment variable enumeration for secrets
✓ No remote code execution via curl|bash patterns
✓ Model downloads are from known-good sources (HuggingFace, ModelScope)
✓ Ethical boundaries are well-documented in SKILL.md (Layer 0 rules)
✓ Local-only data storage policy documented
✓ No eval() or dynamic code execution
✓ No suspicious network IOCs (no direct IP addresses, no C2 patterns)