Scan Report
5/100
read-gbk
Reads local text files, with automatic detection of GBK/UTF-8 encoding
A straightforward file reading utility that reads user-specified files with encoding detection and auto-installs required Python libraries. No security concerns identified.
Safe to install
This skill is safe to use. No additional security measures required.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Info | Environment variable access for Python discovery | scripts/read-file.js:16 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md declares file reading capability; code reads only user-provided paths |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares auto-installation of python-docx/pypdf; subprocess.run used fo… |
| Environment | NONE | READ | ✓ Aligned | read-file.js:16 reads USERNAME env var for Python path discovery; benign usage |
2 findings
| Severity | Finding | Location |
|---|---|---|
| Medium | External URL: https://docs.conda.io/en/latest/miniconda.html | SKILL.md:19 |
| Medium | External URL: https://www.python.org/downloads/ | SKILL.md:24 |

File Tree
3 files · 10.9 KB · 354 lines
Python 1f · 166L
JavaScript 1f · 97L
Markdown 1f · 91L
├─ scripts
│ ├─ read-file.js (JavaScript)
│ └─ read-file.py (Python)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| python-docx | * | pip (auto-installed) | No | Auto-installed on first .docx access; not pre-pinned by design |
| pypdf | * | pip (auto-installed) | No | Auto-installed on first .pdf access; not pre-pinned by design |
Security Positives
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or external IP connections
✓ No base64, eval(), or obfuscated code execution
✓ No path traversal vulnerabilities
✓ File access limited to user-provided arguments only
✓ Dependency installation only for declared libraries (python-docx, pypdf)
✓ Proper error handling and input validation
✓ No hidden functionality beyond declared purpose