中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:19 hr ago Rescan
5 /100
soc2-evidence-collector
Generate SOC2 evidence collection checklists, automate evidence gathering scripts, and produce audit-ready evidence packages across all 5 Trust Service Criteria.
The skill is a SOC2 evidence collection documentation tool with no executable code, scripts, or dependencies. The pre-scan IOC for base64 -d at SKILL.md:175 is a false positive — it is standard AWS API response handling in a legitimate documentation example.
Skill Namesoc2-evidence-collector
Duration46.6s
Enginepi
Safe to install
Approve for use. The skill generates compliance documentation and example shell scripts for SOC2 audits. No malicious behavior detected.

Findings 1 items

Severity Finding Location
Low
Sales promotional content Doc Mismatch
SKILL.md ends with an AfrexAI promotional note advertising their commercial AI-as-a-Service product. This is standard vendor marketing but not a security risk.
[email protected]
→ No action needed. Marketing content in documentation is common for third-party skills and does not constitute malicious behavior.
 SKILL.md:278
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md declares Read as the primary interaction method for evidence gathering
Shell WRITE WRITE ✓ Aligned SKILL.md contains bash script examples for AWS/GitHub evidence collection; Bash …
Network READ READ ✓ Aligned Skill only documents AWS CLI and GitHub API calls for evidence collection; no ar…
1 Critical 3 findings
🔒
Critical Encoded Execution Base64 编码执行(代码混淆)
base64 -d
SKILL.md:175
🔗
Medium External URL 外部 URL
https://afrexai.com
README.md:48
📧
Info Email 邮箱地址
[email protected]
SKILL.md:278

File Tree

2 files · 15.3 KB · 326 lines
Markdown 2f · 326L
├─ 📝 README.md Markdown 48L · 1.9 KB
└─ 📝 SKILL.md Markdown 278L · 13.4 KB

Security Positives

✓ Pure documentation skill — no executable code or scripts in the package
✓ No dependencies (no requirements.txt, package.json, Cargo.toml, etc.), eliminating supply chain risk
✓ The base64 -d usage is standard AWS credential report handling (aws iam generate-credential-report returns base64-encoded CSV)
✓ No credential harvesting or exfiltration — shell script examples only write to local soc2-evidence/ directories
✓ No references to sensitive paths (~/.ssh, ~/.aws, .env) except as part of legitimate AWS CLI command documentation
✓ Well-structured SKILL.md with clear evidence categories aligned to SOC2 Trust Service Criteria
✓ No obfuscation, eval(), or hidden instructions in HTML comments or elsewhere