扫描报告
5 /100
dependency-tracker
每周依赖检查。检查 Node.js、npm 版本和全局包是否有可用更新。触发时机:cron 定时任务或手动调用。
A straightforward Node.js/npm dependency checker with complete documentation and no security concerns.
可以安装
This skill is safe to use. No security issues detected.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md documents node -v, npm -v, npm list -g, npm outdated |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md declares writes to data/exec-logs/dependency-tracker/ |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md declares Feishu integration for report delivery |
目录结构
2 文件 · 1.9 KB · 86 行 Markdown 2f · 86L
├─
▾
references
│ └─
spec.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ All shell commands are explicitly documented in SKILL.md
✓ No credential harvesting or sensitive data access
✓ Output path is restricted to a dedicated directory
✓ No base64, eval, or obfuscation patterns detected
✓ No remote script execution patterns (curl|bash, wget|sh)
✓ Well-structured documentation with clear execution rules
✓ Atomic file writing with .tmp then mv pattern documented