Suspicious — Risk Score 45/100
Last scan: 2 days ago
blood-pressure-therapy
Hypertension Treatment Management - Blood pressure monitoring and AHA 2017 classification with audio therapy
This is a legitimate blood pressure management skill with no executable code, but it contains an undeclared external URL to a URL shortener service that appears across multiple files as the 'audio therapy solution'.
Skill Name: blood-pressure-therapy
Duration: 31.6s
Engine: pi
Use with caution
The skill's core functionality (health data processing, classification advice) is benign, but the external URL shortener link is a security concern. Users should be warned that clicking audio links may redirect to external sites. Consider hosting audio content locally or on a trusted medical platform.

Findings 3 items

Severity Finding Location
Medium
Undeclared external URL references
The skill references external URL https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7 as the 'audio therapy solution' in 5 locations. This network behavior is not declared in SKILL.md.
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7
→ Declare network:READ capability if the skill intends to reference external content. Consider hosting audio files locally or on a trusted medical platform.
assets/blood_pressure_therapy.md:3
Medium
URL shortener obscures actual destination
The audio therapy links use myxt.com URL shortener service. This makes it impossible to verify the actual destination of the audio content without clicking the link, which could potentially redirect to malicious sites.
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7
→ Replace URL shortener with direct links to trusted audio hosting platforms or embed audio content directly.
assets/blood_pressure_therapy.md:3
Low
Medical disclaimer present
The skill includes appropriate medical disclaimers stating it does not replace professional medical advice and recommends immediate medical attention for hypertensive emergencies.
This skill is intended only to assist with health management and does not replace professional medical diagnosis and advice
→ No action needed - this is a positive security practice.
SKILL.md:65
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | Skill reads its own markdown files for workflow content
Network | NONE | READ | ✗ Violation | External URLs in assets/blood_pressure_therapy.md and examples/conversations.md …
5 findings
Medium External URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7
assets/blood_pressure_therapy.md:3
Medium External URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7|
assets/blood_pressure_therapy.md:4
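Medium External URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7\n\nThis is a relaxation audio program designed specifically for people with hypertension. It uses specific frequencies and rhythms to guide the body and mind into deep relaxation, which helps reduce sympathetic nervous activity and has, on blood pressure, a positive...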
examples/conversations.md:19
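Medium External URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7\n\nThis is a relaxation audio program designed specifically for people with hypertension. It uses specific frequencies and rhythms to guide the body and mind into deep relaxation, helping to reduce sympathetic nervous activity and producing, on blood pressure, a positive...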
examples/conversations.md:27
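Medium External URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7\n\nThis is a relaxation audio program designed specifically for people with hypertension. It uses specific frequencies and rhythms to guide the body and mind into deep relaxation.\n\n⚠️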
examples/conversations.md:35

File Tree

9 files · 11.5 KB · 237 lines
Markdown 9f · 237L
├─ 📁 assets
│ └─ 📝 blood_pressure_therapy.md Markdown 3L · 188 B
├─ 📁 examples
│ └─ 📝 conversations.md Markdown 35L · 3.5 KB
├─ 📁 references
│ ├─ 📝 AHA_2017.md Markdown 10L · 582 B
│ └─ 📝 classification_advice.md Markdown 45L · 1.7 KB
├─ 📁 templates
│ └─ 📝 output_formats.md Markdown 42L · 1.1 KB
├─ 📁 workflows
│ ├─ 📝 step1_data_collection.md Markdown 7L · 325 B
│ └─ 📝 step2_bp_recording.md Markdown 12L · 420 B
├─ 📝 init.md Markdown 10L · 505 B
└─ 📝 SKILL.md Markdown 73L · 3.2 KB

Security Positives

✓ Markdown-only skill with no executable code
✓ No shell execution, file writes, or credential access
✓ No base64 encoded content or obfuscated scripts
✓ Appropriate medical disclaimers for hypertensive emergency warnings
✓ Based on legitimate AHA 2017 clinical guidelines
✓ No data exfiltration or network call home behavior beyond declared links