扫描报告
0 /100
career-news
针对不同职业每日推送全球精选行业新闻
Legitimate career news aggregation skill that generates AI agent prompts. All capabilities are documented, file operations are scoped to a single data directory, and no malicious patterns were found.
可以安装
No action required. The skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | register.js:47 writes to data/users/<userId>.json; morning-push.js:44 reads data… |
| 网络访问 | NONE | NONE | — | No network calls in any script |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution |
| 环境变量 | NONE | NONE | — | No os.environ access |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
7 文件 · 31.6 KB · 697 行 JavaScript 4f · 572L
Markdown 1f · 104L
JSON 2f · 21L
├─
▾
scripts
│ ├─
morning-push.js
JavaScript
│ ├─
news-query.js
JavaScript
│ ├─
push-toggle.js
JavaScript
│ └─
register.js
JavaScript
├─
_meta.json
JSON
├─
package.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ All capabilities declared and match implementation
✓ User input sanitized with strict regex: replace(/[^a-zA-Z0-9_-]/g, '')
✓ File operations scoped exclusively to data/users/ directory
✓ No external network requests or credential access
✓ No obfuscation, eval(), or base64-encoded payloads
✓ Uses only Node.js standard libraries (fs, path)
✓ Prompts are text output to stdout for AI agents, not code execution
✓ Documentation accurately describes all functionality
✓ No sensitive paths accessed (~/.ssh, ~/.aws, .env)
✓ No supply chain risks - no external dependencies beyond Node.js stdlib