Scan Report
0 /100
techsnif
Query TechSnif tech news intelligence via bundled CLI
This is a legitimate, read-only tech news CLI tool that queries a public API. No malicious behavior, credential harvesting, shell execution, or hidden functionality detected.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | scripts/techsnif-cli.cjs:3563 - fetch(url.toString(), {headers: {Accept: 'applic… |
| Filesystem | NONE | NONE | — | No filesystem access detected |
| Shell | NONE | NONE | — | No shell execution detected |
| Environment | NONE | NONE | — | TECHSNIF_API_URL only, not harvesting credentials |
3 findings
Medium External URL 外部 URL
https://techsnif.com/ SKILL.md:4 Medium External URL 外部 URL
https://www.npmjs.com/package/@techsnif/cli SKILL.md:5 Medium External URL 外部 URL
https://api.techsnif.com SKILL.md:58 File Tree
3 files · 144.9 KB · 3974 lines JavaScript 1f · 3865L
Markdown 2f · 109L
├─
▾
references
│ └─
categories.md
Markdown
├─
▾
scripts
│ └─
techsnif-cli.cjs
JavaScript
└─
SKILL.md
Markdown
Security Positives
✓ Bundled CLI (no remote package downloads)
✓ Public read-only API access - no authentication required
✓ No credential harvesting or exfiltration
✓ No shell execution capabilities
✓ No file system writes
✓ Clear documentation in SKILL.md matching actual behavior
✓ Standard CLI patterns using commander.js library
✓ No sensitive path access (~/.ssh, ~/.aws, .env)