中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 45/100
上次扫描:2 天前 重新扫描
45 /100
blood-pressure-therapy
高血压治疗管理 - Blood pressure monitoring and AHA 2017 classification with audio therapy
This is a legitimate blood pressure management skill with no executable code, but it contains an undeclared external URL to a URL shortener service that appears across multiple files as the 'audio therapy solution'.
技能名称blood-pressure-therapy
分析耗时31.6s
引擎pi
谨慎使用
The skill's core functionality (health data processing, classification advice) is benign, but the external URL shortener link is a security concern. Users should be warned that clicking audio links may redirect to external sites. Consider hosting audio content locally or on a trusted medical platform.

安全发现 3 项

严重性 安全发现 位置
中危
Undeclared external URL references
The skill references external URL https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7 as the 'audio therapy solution' in 5 locations. This network behavior is not declared in SKILL.md.
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7
→ Declare network:READ capability if the skill intends to reference external content. Consider hosting audio files locally or on a trusted medical platform.
 assets/blood_pressure_therapy.md:3
中危
URL shortener obscures actual destination
The audio therapy links use myxt.com URL shortener service. This makes it impossible to verify the actual destination of the audio content without clicking the link, which could potentially redirect to malicious sites.
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7
→ Replace URL shortener with direct links to trusted audio hosting platforms or embed audio content directly.
 assets/blood_pressure_therapy.md:3
低危
Medical disclaimer present
The skill includes appropriate medical disclaimers stating it does not replace professional medical advice and recommends immediate medical attention for hypertensive emergencies.
本技能仅供辅助健康管理,不替代专业医疗诊断和建议
→ No action needed - this is a positive security practice.
 SKILL.md:65
资源类型声明权限推断权限状态证据
文件系统 NONE READ ✓ 一致 Skill reads its own markdown files for workflow content
网络访问 NONE READ ✗ 越权 External URLs in assets/blood_pressure_therapy.md and examples/conversations.md …
5 项发现
🔗
中危 外部 URL 外部 URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7
assets/blood_pressure_therapy.md:3
🔗
中危 外部 URL 外部 URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7|
assets/blood_pressure_therapy.md:4
🔗
中危 外部 URL 外部 URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7\n\n这是一套专为高血压人群设计的放松音频方案,通过特定频率和节奏引导身心深度放松,有助于降低交感神经活性,对血压产生积极...
examples/conversations.md:19
🔗
中危 外部 URL 外部 URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7\n\n这是一套专为高血压人群设计的放松音频方案,通过特定频率和节奏引导身心深度放松,帮助降低交感神经活性,对血压产生积极调...
examples/conversations.md:27
🔗
中危 外部 URL 外部 URL
https://myxt.com/link/738cba02-d41a-453a-99db-9be5545c1cd7\n\n这是一套专为高血压人群设计的放松音频方案,通过特定频率和节奏引导身心深度放松。\n\n⚠️
examples/conversations.md:35

目录结构

9 文件 · 11.5 KB · 237 行
Markdown 9f · 237L
├─ 📁 assets
│ └─ 📝 blood_pressure_therapy.md Markdown 3L · 188 B
├─ 📁 examples
│ └─ 📝 conversations.md Markdown 35L · 3.5 KB
├─ 📁 references
│ ├─ 📝 AHA_2017.md Markdown 10L · 582 B
│ └─ 📝 classification_advice.md Markdown 45L · 1.7 KB
├─ 📁 templates
│ └─ 📝 output_formats.md Markdown 42L · 1.1 KB
├─ 📁 workflows
│ ├─ 📝 step1_data_collection.md Markdown 7L · 325 B
│ └─ 📝 step2_bp_recording.md Markdown 12L · 420 B
├─ 📝 init.md Markdown 10L · 505 B
└─ 📝 SKILL.md Markdown 73L · 3.2 KB

安全亮点

✓ Markdown-only skill with no executable code
✓ No shell execution, file writes, or credential access
✓ No base64 encoded content or obfuscated scripts
✓ Appropriate medical disclaimers for hypertensive emergency warnings
✓ Based on legitimate AHA 2017 clinical guidelines
✓ No data exfiltration or network call home behavior beyond declared links