中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:1 day ago Rescan
10 /100
pdf-processor
学术PDF处理:提取文字、判断语言、翻译(英文→中文)、生成200字纯中文概述。使用本地Ollama模型,不消耗线上API。
Legitimate academic PDF translation skill that uses a local Ollama model for text extraction, translation, and summarization; no malicious behavior detected, with only minor documentation gaps around subprocess usage.
Skill Namepdf-processor
Duration37.1s
Enginepi
Safe to install
Approve for use. Consider pinning dependency versions in requirements.txt for better supply-chain hygiene.

Findings 2 items

Severity Finding Location
Low
Shell execution not explicitly declared in capabilities section Doc Mismatch
process_pdf.py uses subprocess.Popen(['ollama', 'serve']) to automatically start the Ollama service. While 'ollama serve' is mentioned in the Troubleshooting section of SKILL.md, it is not listed in the Resources or Technical Details sections as a capability. This is a minor documentation gap — the behavior is transparent (no obfuscation, no external IPs) and the purpose is clearly to enable the documented Ollama local API.
subprocess.Popen(['ollama', 'serve'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
→ Add a 'Shell: WRITE' declaration in SKILL.md's Resources section or document the subprocess call explicitly in Technical Details.
 scripts/process_pdf.py:47
Low
Python dependencies without version pinning Supply Chain
package.json specifies pdfplumber and requests without version constraints. While these are well-maintained, stable packages, unpinned dependencies can lead to unexpected behavior if a breaking change is released.
"packages": ["pdfplumber", "requests"]
→ Pin versions, e.g., "pdfplumber>=0.10.0,<1.0.0" and "requests>=2.28.0,<3.0.0".
 package.json:18
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned process_pdf.py: writes to output_base_dir; shutil.move; .unlink()
Network READ READ ✓ Aligned process_pdf.py: requests.post(http://localhost:11434/api/generate) — local-only,…
Shell NONE WRITE ✓ Aligned process_pdf.py:47 — subprocess.Popen(['ollama', 'serve']) to auto-start Ollama. …
Environment NONE NONE No environment variable access observed
Skill Invoke NONE NONE No cross-skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser usage
Database NONE NONE No database access
1 findings
🔗
Medium External URL 外部 URL
https://ollama.ai
package.json:26

File Tree

6 files · 38.5 KB · 1285 lines
Python 2f · 775L Markdown 3f · 477L JSON 1f · 33L
├─ 📁 references
│ ├─ 📝 directory-structure.md Markdown 131L · 3.0 KB
│ └─ 📝 workflow.md Markdown 92L · 2.4 KB
├─ 📁 scripts
│ ├─ 🐍 generate_index.py Python 161L · 4.8 KB
│ └─ 🐍 process_pdf.py Python 614L · 20.9 KB
├─ 📋 package.json JSON 33L · 960 B
└─ 📝 SKILL.md Markdown 254L · 6.5 KB

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
pdfplumber unpinned pip No No version constraint specified in package.json
requests unpinned pip No No version constraint specified in package.json

Security Positives

✓ All network traffic is local-only to http://localhost:11434 (Ollama) — no external network calls observed
✓ No credential theft: script does not read ~/.ssh, ~/.aws, .env, or iterate os.environ for sensitive keys
✓ No obfuscation: no base64-encoded payloads, no eval(), no dynamic code generation
✓ No data exfiltration: no outbound POSTs, no external IPs, no suspicious URLs
✓ No sensitive file access: only reads user-provided PDF paths and writes to user-specified output directories
✓ No prompt injection: no hidden instructions in HTML comments or LLM prompts
✓ File operations are well-scoped: only reads PDF, writes translation/summary/output text files within declared directory structure
✓ Progress file (.json) is stored in the processing directory and properly cleaned up after completion