Scan report
5 /100
environment-doc-author
Verify real local environment facts and create environment baseline JSON/policy documents
This is a legitimate environment detection and documentation skill with no malicious behavior. All functionality is declared, necessary, and properly scoped.
OK to install
This skill is safe to use. No security concerns identified.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | spawnSync/subprocess.run used for version probes only |
| File system | READ\|WRITE | READ\|WRITE | ✓ Consistent | Reads baselines, writes JSON/Markdown outputs |
| Environment variables | READ | READ | ✓ Consistent | Reads dev-tool env vars (JAVA_HOME, PATH) for detection only |
| Network access | NONE | READ | ✓ Consistent | Probe-file allows local service checks only |
| Skill invocation | NONE | NONE | — | No skill chaining observed |
Directory structure
7 files · 139.7 KB · 3945 lines
JavaScript 2f · 1832L
Python 2f · 1643L
Markdown 3f · 470L
├─ references
│  ├─ document-contracts.md (Markdown)
│  └─ probe-file.md (Markdown)
├─ scripts
│  ├─ detect_environment.js (JavaScript)
│  ├─ detect_environment.py (Python)
│  ├─ render_environment_docs.js (JavaScript)
│  └─ render_environment_docs.py (Python)
└─ SKILL.md (Markdown)
Security highlights
✓ All shell commands are version probes (git --version, java -version) - no arbitrary execution
✓ Environment variable reading is limited to dev-tool paths (JAVA_HOME, PATH) - no credential harvesting
✓ No sensitive path access (~/.ssh, ~/.aws, .env files) observed
✓ No obfuscation, base64 payloads, or eval() patterns
✓ No external IP connections or C2 communication
✓ Code is clean and well-structured - no hidden functionality
✓ SKILL.md accurately describes all capabilities and behavior
✓ No supply chain risks - only uses standard library (Node.js os/fs/path, Python subprocess)