Scan report
5/100
read-gbk
Reads local text files, with automatic GBK/UTF-8 encoding detection
A straightforward file reading utility that reads user-specified files with encoding detection and auto-installs required Python libraries. No security concerns identified.
Safe to install
This skill is safe to use. No additional security measures required.
Security findings: 1
| Severity | Security finding | Location |
|---|---|---|
| Info | Environment variable access for Python discovery | scripts/read-file.js:16 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | SKILL.md declares file reading capability; code reads only user-provided paths |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md declares auto-installation of python-docx/pypdf; subprocess.run used fo… |
| Environment variable | NONE | READ | ✓ Consistent | read-file.js:16 reads USERNAME env var for Python path discovery; benign usage |
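2 findings
| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://docs.conda.io/en/latest/miniconda.html | SKILL.md:19 |
| Medium | External URL | https://www.python.org/downloads/ | SKILL.md:24 |

Directory structure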
3 files · 10.9 KB · 354 lines
Python: 1 file · 166 lines
JavaScript: 1 file · 97 lines
Markdown: 1 file · 91 lines
├─ scripts
│  ├─ read-file.js (JavaScript)
│  └─ read-file.py (Python)
└─ SKILL.md (Markdown)
Dependency analysis: 2 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| python-docx | * | pip (auto-installed) | No | Auto-installed on first .docx access; not pre-pinned by design |
| pypdf | * | pip (auto-installed) | No | Auto-installed on first .pdf access; not pre-pinned by design |
Security highlights
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or external IP connections
✓ No base64, eval(), or obfuscated code execution
✓ No path traversal vulnerabilities
✓ File access limited to user-provided arguments only
✓ Dependency installation only for declared libraries (python-docx, pypdf)
✓ Proper error handling and input validation
✓ No hidden functionality beyond declared purpose