Scan Report
5/100
dependency-tracker
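Weekly dependency check. Checks whether updates are available for Node.js, npm, and globally installed packages. Trigger: cron scheduled job or manual invocation.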
A straightforward Node.js/npm dependency checker with complete documentation and no security concerns.
Safe to install
This skill is safe to use. No security issues detected.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md documents node -v, npm -v, npm list -g, npm outdated |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares writes to data/exec-logs/dependency-tracker/ |
| Network | READ | READ | ✓ Aligned | SKILL.md declares Feishu integration for report delivery |
File Tree
2 files · 1.9 KB · 86 lines (Markdown: 2 files, 86 lines)
├─ references
│  └─ spec.md (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ All shell commands are explicitly documented in SKILL.md
✓ No credential harvesting or sensitive data access
✓ Output path is restricted to a dedicated directory
✓ No base64, eval, or obfuscation patterns detected
✓ No remote script execution patterns (curl|bash, wget|sh)
✓ Well-structured documentation with clear execution rules
✓ Atomic file writing with .tmp then mv pattern documented