Trusted - risk score 5/100
Last scanned: 2 days ago
memorial-skill
AI remembrance skill for building memorial archives of deceased loved ones - supports text memory, persona reconstruction, voice cloning, and chat log analysis
Legitimate AI remembrance skill for building memorial archives of deceased loved ones. All functionality is properly declared in SKILL.md with no hidden malicious behavior.
Skill name: memorial-skill
Analysis time: 51.9s
Engine: pi
OK to install
No action needed. The skill is safe for use with the declared tool permissions.

Security findings: 2

Severity | Finding | Location
Low
Optional dependencies lack version pinning
requirements.txt specifies optional dependencies without version constraints (e.g., openai-whisper, pilk, noisereduce). This could lead to supply chain issues if untrusted versions are pulled.
pypinyin
Pillow
openai-whisper
→ Consider pinning versions for reproducible builds: openai-whisper==20231117
requirements.txt:1
Info
WeChat database access is contextual
wechat_voice_extractor.py accesses WeChat's SQLite databases via pywxdump for extracting voice messages. This is a privacy-sensitive operation but is declared in SKILL.md as part of the memorial creation workflow.
# Runs automatically: decrypt the WeChat database → list group chats/contacts → extract the specified person's voice messages
→ Ensure users understand this requires them to have legitimate export of their own WeChat data
tools/wechat_voice_extractor.py:1
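| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | WRITE | WRITE | ✓ Consistent | All file operations scoped to project directories (memorials/, tools/) |
| Network access | READ | READ | ✓ Consistent | Model downloads from HuggingFace/ModelScope declared in code comments |
| Command execution | WRITE | WRITE | ✓ Consistent | subprocess used only for audio processing tools (ffmpeg) and GPT-SoVITS training |
| Environment variables | NONE | NONE | | No access to sensitive environment variables |
| Skill invocation | NONE | NONE | | No dynamic skill invocation |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | SQLite access limited to WeChat database decryption for voice extraction |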
8 findings

| Severity | Type | URL | Location |
| --- | --- | --- | --- |
| Medium | External URL | https://python.org | INSTALL.md:21 |
| Medium | External URL | https://download.pytorch.org/whl/cu128 | INSTALL.md:80 |
| Medium | External URL | https://img.shields.io/badge/License-MIT-yellow.svg | README.md:7 |
| Medium | External URL | https://img.shields.io/badge/Python-3.9%2B-blue.svg | README.md:8 |
| Medium | External URL | https://img.shields.io/badge/Claude%20Code-Skill-blueviolet | README.md:9 |
| Medium | External URL | https://claude.ai/code | README.md:9 |
| Medium | External URL | https://img.shields.io/badge/AgentSkills-Standard-green | README.md:10 |
| Medium | External URL | https://agentskills.io | README.md:10 |

Directory structure

33 files · 282.0 KB · 7999 lines
Python 12f · 4277L Markdown 19f · 3667L JSON 1f · 29L Text 1f · 26L
├─ 📁 docs
│ └─ 📝 PRD.md Markdown 389L · 16.6 KB
├─ 📁 memorials
│ └─ 📁 example_grandpa
│ ├─ 📁 materials
│ │ └─ 📝 README.md Markdown 16L · 587 B
│ ├─ 📁 voice
│ │ └─ 📝 README.md Markdown 34L · 1.2 KB
│ ├─ 📋 meta.json JSON 29L · 878 B
│ ├─ 📝 persona.md Markdown 169L · 7.0 KB
│ ├─ 📝 remembrance.md Markdown 119L · 5.8 KB
│ └─ 📝 SKILL.md Markdown 306L · 13.5 KB
├─ 📁 prompts
│ ├─ 📝 correction_handler.md Markdown 83L · 2.0 KB
│ ├─ 📝 intake.md Markdown 212L · 5.6 KB
│ ├─ 📝 merger.md Markdown 94L · 2.6 KB
│ ├─ 📝 persona_analyzer.md Markdown 231L · 8.0 KB
│ ├─ 📝 persona_builder.md Markdown 132L · 3.1 KB
│ ├─ 📝 remembrance_analyzer.md Markdown 213L · 6.2 KB
│ ├─ 📝 remembrance_builder.md Markdown 100L · 1.6 KB
│ └─ 📝 subject_interview.md Markdown 177L · 4.7 KB
├─ 📁 tests
│ └─ 🐍 test_tools.py Python 248L · 8.5 KB
├─ 📁 tools
│ ├─ 🐍 audio_transcriber.py Python 326L · 12.1 KB
│ ├─ 🐍 interview_guide.py Python 445L · 17.6 KB
│ ├─ 🐍 photo_analyzer.py Python 247L · 9.0 KB
│ ├─ 🐍 qq_parser.py Python 258L · 8.8 KB
│ ├─ 🐍 skill_writer.py Python 442L · 11.8 KB
│ ├─ 🐍 version_manager.py Python 175L · 5.6 KB
│ ├─ 🐍 voice_preprocessor.py Python 380L · 13.6 KB
│ ├─ 🐍 voice_synthesizer.py Python 375L · 13.7 KB
│ ├─ 🐍 voice_trainer.py Python 613L · 22.8 KB
│ ├─ 🐍 wechat_parser.py Python 315L · 10.8 KB
│ └─ 🐍 wechat_voice_extractor.py Python 453L · 16.8 KB
├─ 📝 CLAUDE.md Markdown 141L · 7.3 KB
├─ 📝 INSTALL.md Markdown 168L · 4.9 KB
├─ 📝 README_EN.md Markdown 427L · 16.3 KB
├─ 📝 README.md Markdown 474L · 17.2 KB
├─ 📄 requirements.txt Text 26L · 668 B
└─ 📝 SKILL.md Markdown 182L · 5.1 KB

Dependency analysis: 6 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| pypinyin | unpinned | pip | | Optional, for Chinese slug generation |
| Pillow | unpinned | pip | | Optional, for photo EXIF extraction |
| openai-whisper | unpinned | pip | | Optional, for audio transcription |
| pilk | unpinned | pip | | Optional, for WeChat silk audio decoding |
| noisereduce | unpinned | pip | | Optional, for audio denoising |
| soundfile | unpinned | pip | | Optional, for audio I/O |

Security highlights

✓ All shell operations use subprocess with explicit command lists, no shell=True usage
✓ File operations are scoped to project directories (memorials/, tools/)
✓ No base64-encoded payloads or obfuscated code
✓ No credential harvesting or environment variable enumeration for secrets
✓ No remote code execution via curl|bash patterns
✓ Model downloads are from known-good sources (HuggingFace, ModelScope)
✓ Ethical boundaries are well-documented in SKILL.md (Layer 0 rules)
✓ Local-only data storage policy documented
✓ No eval() or dynamic code execution
✓ No suspicious network IOCs (no direct IP addresses, no C2 patterns)