Low Risk — Risk Score 20/100
Last scan: 17 hr ago
PDF Organizer Skill
AI-powered PDF organization tool that automatically categorizes and organizes PDF files by topic using GPT analysis
Documentation-only skill describing a PDF organizer tool with no implementation files present to analyze for malicious behavior.
Skill Name: PDF Organizer Skill
Duration: 32.0s
Engine: pi
Safe to install
If implementation files are added, verify that API keys are stored securely (e.g., environment variables) and not exfiltrated. Review subprocess usage for shell commands.

Findings 2 items

Severity: Low
Finding: Documentation mismatch potential - No implementation to verify [Doc Mismatch]
SKILL.md references multiple implementation files (pdf_organizer.py, modules/, config.json, requirements.txt, setup.py) but none exist in the skill directory. Cannot verify actual behavior matches documentation.
Project Structure references pdf_organizer.py, modules/, config.json, requirements.txt
→ Implement files before deploying or clearly mark as documentation-only skill
Location: SKILL.md:1

Severity: Low
Finding: API key storage in config.json [Credential Theft]
SKILL.md indicates API keys should be stored in config.json. While not malicious itself, storing credentials in config files is less secure than environment variables and could be risky if the file is committed to version control.
openai_api_key: Your API key (required)
→ Prefer environment variable-based API key storage and document .gitignore for config.json
Location: SKILL.md:34

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | SKILL.md describes reading PDFs from input_pdfs/ folder
Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md describes renaming files and creating folder structure in organized_pdf…
Network | READ | READ | ✓ Aligned | SKILL.md declares OpenAI/Kimi API integration for content analysis
Environment | NONE | NONE | | No environment variable access described in docs
Shell | NONE | NONE | | No shell execution mentioned

File Tree

1 file · 2.4 KB · 54 lines
Markdown 1f · 54L
└─ 📝 SKILL.md Markdown 54L · 2.4 KB

Security Positives

✓ No malicious patterns detected in documentation
✓ No network exfiltration endpoints mentioned
✓ No credential harvesting behavior described
✓ File operations are appropriate for stated use case (PDF organization)
✓ Hierarchical organization and file naming are legitimate functionality
✓ Dry-run mode suggests careful design with rollback capability