中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:1 天前 重新扫描
10 /100
pdf-processor
学术PDF处理:提取文字、判断语言、翻译(英文→中文)、生成200字纯中文概述。使用本地Ollama模型,不消耗线上API。
Legitimate academic PDF translation skill that uses a local Ollama model for text extraction, translation, and summarization; no malicious behavior detected, with only minor documentation gaps around subprocess usage.
技能名称pdf-processor
分析耗时37.1s
引擎pi
可以安装
Approve for use. Consider pinning dependency versions in requirements.txt for better supply-chain hygiene.

安全发现 2 项

严重性 安全发现 位置
低危
Shell execution not explicitly declared in capabilities section 文档欺骗
process_pdf.py uses subprocess.Popen(['ollama', 'serve']) to automatically start the Ollama service. While 'ollama serve' is mentioned in the Troubleshooting section of SKILL.md, it is not listed in the Resources or Technical Details sections as a capability. This is a minor documentation gap — the behavior is transparent (no obfuscation, no external IPs) and the purpose is clearly to enable the documented Ollama local API.
subprocess.Popen(['ollama', 'serve'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
→ Add a 'Shell: WRITE' declaration in SKILL.md's Resources section or document the subprocess call explicitly in Technical Details.
 scripts/process_pdf.py:47
低危
Python dependencies without version pinning 供应链
package.json specifies pdfplumber and requests without version constraints. While these are well-maintained, stable packages, unpinned dependencies can lead to unexpected behavior if a breaking change is released.
"packages": ["pdfplumber", "requests"]
→ Pin versions, e.g., "pdfplumber>=0.10.0,<1.0.0" and "requests>=2.28.0,<3.0.0".
 package.json:18
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 process_pdf.py: writes to output_base_dir; shutil.move; .unlink()
网络访问 READ READ ✓ 一致 process_pdf.py: requests.post(http://localhost:11434/api/generate) — local-only,…
命令执行 NONE WRITE ✓ 一致 process_pdf.py:47 — subprocess.Popen(['ollama', 'serve']) to auto-start Ollama. …
环境变量 NONE NONE No environment variable access observed
技能调用 NONE NONE No cross-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser usage
数据库 NONE NONE No database access
1 项发现
🔗
中危 外部 URL 外部 URL
https://ollama.ai
package.json:26

目录结构

6 文件 · 38.5 KB · 1285 行
Python 2f · 775L Markdown 3f · 477L JSON 1f · 33L
├─ 📁 references
│ ├─ 📝 directory-structure.md Markdown 131L · 3.0 KB
│ └─ 📝 workflow.md Markdown 92L · 2.4 KB
├─ 📁 scripts
│ ├─ 🐍 generate_index.py Python 161L · 4.8 KB
│ └─ 🐍 process_pdf.py Python 614L · 20.9 KB
├─ 📋 package.json JSON 33L · 960 B
└─ 📝 SKILL.md Markdown 254L · 6.5 KB

依赖分析 2 项

包名版本来源已知漏洞备注
pdfplumber unpinned pip No version constraint specified in package.json
requests unpinned pip No version constraint specified in package.json

安全亮点

✓ All network traffic is local-only to http://localhost:11434 (Ollama) — no external network calls observed
✓ No credential theft: script does not read ~/.ssh, ~/.aws, .env, or iterate os.environ for sensitive keys
✓ No obfuscation: no base64-encoded payloads, no eval(), no dynamic code generation
✓ No data exfiltration: no outbound POSTs, no external IPs, no suspicious URLs
✓ No sensitive file access: only reads user-provided PDF paths and writes to user-specified output directories
✓ No prompt injection: no hidden instructions in HTML comments or LLM prompts
✓ File operations are well-scoped: only reads PDF, writes translation/summary/output text files within declared directory structure
✓ Progress file (.json) is stored in the processing directory and properly cleaned up after completion