Trusted: risk score 5/100
Last scanned: 1 day ago
taskboard-cli
Lightweight SQLite-backed task management CLI for multi-agent workflows
A straightforward SQLite-backed task management CLI with no network calls, no credential access, no shell execution, and clean standard-library-only implementation that matches its documented behavior.
Skill name: taskboard-cli
Analysis time: 32.7s
Engine: pi
Safe to install
This skill is safe to use. The code performs exactly as documented with no hidden behavior. Minor doc inconsistencies between reference files and implementation do not represent security risks.

Security findings: 1

Severity: Low
Finding: Reference doc describes a different tool variant
Category: Documentation deception
references/taskboard-setup.md documents a JSON-based taskboard (taskboard.json, --assignee flag) but scripts/taskboard.py is SQLite-based with different CLI flags. This is a cosmetic documentation drift, not a security issue — the actual skill implementation matches SKILL.md accurately.
Tasks are stored in `taskboard.json`
→ Update references/taskboard-setup.md to match the SQLite implementation, or consolidate into SKILL.md to avoid confusion.
Location: references/taskboard-setup.md:1
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | taskboard.py:35-42 — sqlite3.connect() writes to scripts/taskboard.db |
| Network access | NONE | NONE | | No urllib, requests, http.client, socket, or subprocess calls anywhere in taskbo… |
| Command execution | NONE | NONE | | No subprocess, os.system, or popen calls in taskboard.py |
| Environment variables | NONE | NONE | | No os.environ access; default --author is hardcoded literal 'paimon' |
| Skill invocation | NONE | NONE | | No skill invocation or dynamic import calls |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser or web automation |
| Database | WRITE | WRITE | ✓ Consistent | taskboard.py:32-47 — full SQLite CRUD via sqlite3, schema auto-initialization |
1 finding
Medium: External URL
https://discord.com/api/webhooks/...
references/webhook-integration.md:54

Directory structure

6 files · 29.6 KB · 935 lines
Python 1f · 496L Markdown 4f · 394L SQL 1f · 45L
├─ 📁 references
│ ├─ 📝 github-backend.md Markdown 97L · 2.9 KB
│ ├─ 📝 taskboard-setup.md Markdown 141L · 3.4 KB
│ └─ 📝 webhook-integration.md Markdown 63L · 1.8 KB
├─ 📁 scripts
│ ├─ 📄 schema.sql SQL 45L · 1.6 KB
│ └─ 🐍 taskboard.py Python 496L · 16.3 KB
└─ 📝 SKILL.md Markdown 93L · 3.5 KB

Security highlights

✓ Uses only Python standard library (sqlite3, argparse, json, pathlib, datetime) — no external dependencies
✓ No network calls of any kind — confirmed by grep for urllib, requests, http, socket, subprocess
✓ No credential or environment variable access
✓ No shell execution (subprocess, os.system, popen)
✓ SKILL.md accurately describes all actual functionality
✓ SQLite schema auto-initializes safely with CREATE TABLE IF NOT EXISTS and idempotent migrations
✓ Input parameters bound via parameterized queries — no SQL injection risk
✓ Audit trail (task_updates table) records all field changes with author attribution
✓ Discord webhook reference is purely informational in a reference doc, not implemented in the skill code