中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 18/100
Last scan:2 days ago Rescan
18 /100
word-jumble
Generate a Word Jumble puzzle with scrambled words, circled letters forming an idiom, cartoon hint, and printable screenshot
This is a legitimate Word Jumble puzzle generator with minor documentation gaps but no malicious behavior detected.
Skill Nameword-jumble
Duration27.3s
Enginepi
Safe to install
Add explicit declarations for filesystem:WRITE and network:READ in SKILL.md to fully document the skill's actual behavior. The answer key in the HTML template is intended for puzzle creators and poses minimal risk in context.

Findings 3 items

Severity Finding Location
Low
Undeclared filesystem write access
SKILL.md declares NONE for filesystem but the code creates output/ directories and writes JSON, HTML, and image files.
output goes into an `output/` directory (create if needed)
→ Declare filesystem:WRITE in SKILL.md header capabilities
 SKILL.md:1
Low
Hidden answer key in HTML
puzzle-template.html embeds the answer in tiny upside-down text at bottom-right. While intended for puzzle creators to verify printouts, this is not documented and could confuse solvers who inspect the HTML.
answerKey.textContent = 'Answer: ' + puzzle.final_puzzle.solution.join('')
→ Document this design decision or consider if it's necessary for the intended use case
 assets/puzzle-template.html:147
Info
Network access not declared
render_puzzle.py starts a local HTTP server on port 7891 but SKILL.md does not declare network access.
server = http.server.HTTPServer(('', port), handler)
→ Add network:READ to declared capabilities as this skill serves HTML locally
 scripts/render_puzzle.py:79
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✗ Violation SKILL.md declares NONE but code creates output/ directory and writes files
Network NONE READ ✗ Violation render_puzzle.py:79 starts local HTTP server
Shell NONE NONE No subprocess execution found
Browser READ READ ✓ Aligned SKILL.md mentions browser tool for screenshots

File Tree

4 files · 14.4 KB · 507 lines
HTML 1f · 236L Python 2f · 170L Markdown 1f · 101L
├─ 📁 assets
│ └─ 📄 puzzle-template.html HTML 236L · 5.2 KB
├─ 📁 scripts
│ ├─ 🐍 render_puzzle.py Python 101L · 3.2 KB
│ └─ 🐍 validate_puzzle.py Python 69L · 2.0 KB
└─ 📝 SKILL.md Markdown 101L · 4.1 KB

Security Positives

✓ No external network connections or data exfiltration detected
✓ No credential harvesting or environment variable scanning
✓ No base64 encoding, eval(), or obfuscated code patterns
✓ No curl|bash or wget|sh remote script execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Pure puzzle generation logic with no side effects
✓ Input validation script prevents malformed puzzles