中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:22 hr ago Rescan
5 /100
soul-architect
Creates STYLE_MANIFESTO persona source code for content-engine
Legitimate persona synthesis tool with no malicious indicators - only creates local documentation files using standard library Python.
Skill Namesoul-architect
Duration27.9s
Enginepi
Safe to install
No action required. This skill is safe to use.

Findings 1 items

Severity Finding Location
Low
Missing allowed-tools declaration Doc Mismatch
SKILL.md does not explicitly declare allowed-tools. While the script only uses filesystem:WRITE for scoped persona directory creation, explicit declaration is security best practice.
No allowed-tools section present
→ Add explicit allowed-tools section: filesystem:WRITE, skill_invoke:NONE
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned scripts/synthesize.py:27 - creates personas/{name}/ directory and STYLE_MANIFEST…
Shell NONE NONE No subprocess or shell execution found
Network NONE NONE No network requests in code
Environment NONE NONE No os.environ access except standard argparse
credential NONE NONE No credential access

File Tree

3 files · 8.5 KB · 239 lines
Markdown 1f · 141L Python 1f · 65L Ignore 1f · 33L
├─ 📁 scripts
│ └─ 🐍 synthesize.py Python 65L · 2.1 KB
├─ 📄 .gitignore Ignore 33L · 284 B
└─ 📝 SKILL.md Markdown 141L · 6.1 KB

Security Positives

✓ Uses only Python standard library (os, argparse, pathlib) - no third-party dependencies
✓ File writes are scoped to personas/{name}/ directory only - no broad filesystem access
✓ No network calls or external communications
✓ No credential harvesting or environment variable abuse
✓ No obfuscation, base64 encoding, or eval() usage
✓ No shell command execution
✓ Logic is straightforward and auditable