中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:19 hr ago Rescan
10 /100
ChartMaker
Visualize data with bar charts, sparklines, and progress bars in terminal. Use when plotting metrics, rendering inline charts, or transforming data.
ChartMaker is a straightforward local data-logging bash script with no hidden functionality, credential access, network calls, or obfuscation — behavior fully aligns with documented intent.
Skill NameChartMaker
Duration30.1s
Enginepi
Safe to install
No blocking action needed. Consider pinning to a specific version if dependencies are added.

Findings 1 items

Severity Finding Location
Low
Shell capability declared as NONE in metadata but implemented as a bash script Doc Mismatch
SKILL.md metadata declares shell: NONE, yet the skill is entirely a bash script. This is a labeling inconsistency since CLI tools naturally require shell execution. Not a security violation — the bash script behavior is fully documented in SKILL.md.
set -euo pipefail in script.sh; script is pure bash implementation
→ Update SKILL.md metadata to reflect shell: WRITE if the capability model tracks implementation language, or clarify in docs that the bash script is the expected implementation.
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned script.sh:6 — writes to ~/.local/share/chartmaker/
Shell NONE WRITE ✓ Aligned script.sh:1 — pure bash script; shell execution is the expected implementation m…
Network NONE NONE No curl, wget, or network calls found in script.sh
Environment NONE NONE No os.environ or env variable access; only uses $HOME and standard date/cmds
Clipboard NONE NONE No clipboard access in script.sh
Database NONE NONE No database access; uses plain-text log files only
Browser NONE NONE No browser access
Skill Invoke NONE NONE No skill invocation
2 findings
🔗
Medium External URL 外部 URL
https://bytesagain.com
SKILL.md:6
📧
Info Email 邮箱地址
[email protected]
SKILL.md:77

File Tree

2 files · 14.0 KB · 390 lines
Shell 1f · 313L Markdown 1f · 77L
├─ 📁 scripts
│ └─ 🔧 script.sh Shell 313L · 11.0 KB
└─ 📝 SKILL.md Markdown 77L · 3.0 KB

Security Positives

✓ No network calls (no curl, wget, or outbound HTTP requests)
✓ No credential or sensitive path access (~/.ssh, ~/.aws, .env not touched)
✓ No obfuscation (no base64, eval, or encoded payloads)
✓ No persistence mechanisms (no cron, systemd, or startup hooks)
✓ No data exfiltration — all data stored locally in ~/.local/share/chartmaker/
✓ Behavior fully matches SKILL.md documentation
✓ No dependencies declared in package manager files — self-contained bash
✓ Uses safe shell practices: set -euo pipefail, proper quoting, no eval