扫描报告
10 /100
ChartMaker
Visualize data with bar charts, sparklines, and progress bars in terminal. Use when plotting metrics, rendering inline charts, or transforming data.
ChartMaker is a straightforward local data-logging bash script with no hidden functionality, credential access, network calls, or obfuscation — behavior fully aligns with documented intent.
可以安装
No blocking action needed. Consider pinning to a specific version if dependencies are added.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Shell capability declared as NONE in metadata but implemented as a bash script 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | script.sh:6 — writes to ~/.local/share/chartmaker/ |
| 命令执行 | NONE | WRITE | ✓ 一致 | script.sh:1 — pure bash script; shell execution is the expected implementation m… |
| 网络访问 | NONE | NONE | — | No curl, wget, or network calls found in script.sh |
| 环境变量 | NONE | NONE | — | No os.environ or env variable access; only uses $HOME and standard date/cmds |
| 剪贴板 | NONE | NONE | — | No clipboard access in script.sh |
| 数据库 | NONE | NONE | — | No database access; uses plain-text log files only |
| 浏览器 | NONE | NONE | — | No browser access |
| 技能调用 | NONE | NONE | — | No skill invocation |
2 项发现
中危 外部 URL 外部 URL
https://bytesagain.com SKILL.md:6 提示 邮箱 邮箱地址
[email protected] SKILL.md:77 目录结构
2 文件 · 14.0 KB · 390 行 Shell 1f · 313L
Markdown 1f · 77L
├─
▾
scripts
│ └─
script.sh
Shell
└─
SKILL.md
Markdown
安全亮点
✓ No network calls (no curl, wget, or outbound HTTP requests)
✓ No credential or sensitive path access (~/.ssh, ~/.aws, .env not touched)
✓ No obfuscation (no base64, eval, or encoded payloads)
✓ No persistence mechanisms (no cron, systemd, or startup hooks)
✓ No data exfiltration — all data stored locally in ~/.local/share/chartmaker/
✓ Behavior fully matches SKILL.md documentation
✓ No dependencies declared in package manager files — self-contained bash
✓ Uses safe shell practices: set -euo pipefail, proper quoting, no eval