Scan report
0 /100
tailscale-manager
Manage Tailscale tailnet from chat. Check status, list devices, ping hosts, run network diagnostics, check serve/funnel config.
Legitimate read-only Tailscale network manager with a clean command whitelist, public IP masking, and no undeclared capabilities.
Can be installed
No action needed. The skill performs exactly as documented with no hidden functionality.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | subprocess.run(['tailscale'] + args) — declared in SKILL.md for status, ip, ping… |
| Network access | READ | READ | ✓ Consistent | Executes tailscale CLI commands for network queries only |
| File system | NONE | NONE | — | No file read/write operations in the code |
| Environment variables | NONE | NONE | — | No os.environ access |
| Credential access | NONE | NONE | — | No credential or token access; explicitly disclaimed in SKILL.md |
Directory structure
2 files · 7.5 KB · 240 lines
Python 1f · 196L
Markdown 1f · 44L
├─ scripts
│ └─ tailscale_ctrl.py (Python)
└─ SKILL.md (Markdown)
Security highlights
✓ Strict command whitelist enforced: only 6 read-only subcommands are routed (status, ip, ping, netcheck, whois, serve-status)
✓ WRITE_COMMANDS set defined but never wired into dispatch — write operations are structurally impossible
✓ Public IP masking via regex covering all non-private ranges
✓ JSON parsing extracts only safe, non-sensitive fields (DNSName, Online, TailscaleIPs, OS)
✓ Subprocess timeout (15s default, 20s for ping, 30s for netcheck) prevents indefinite hanging
✓ SKILL.md accurately reflects all behavior — no doc-to-code mismatch
✓ No external network connections beyond tailscale CLI invocations
✓ No credential harvesting, no environment variable scanning, no sensitive file access