Trusted — Risk Score 5/100
Last scan: 1 day ago
skill-finder
Find and evaluate Claude skills for specific use cases using semantic search, Anthropic best practices assessment, and fitness scoring.
This is a legitimate Claude skill documentation and search utility with no security issues. The base64 -d usage flagged by pre-scan is standard GitHub API response decoding, not obfuscation.
Skill Name: skill-finder
Duration: 39.3s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
| --- | --- | --- | --- | --- |
| Network | READ | READ | ✓ Aligned | Uses gh api commands to query GitHub API, documented in SKILL.md lines 58-94 |
| Shell | WRITE | WRITE | ✓ Aligned | Uses gh CLI, jq, and bash as documented. No unauthorized command execution. |
| Filesystem | NONE | WRITE | ✓ Aligned | Writes temp files (temp_skill.md) but only for transient processing, documented … |
1 Critical 5 findings
Critical: Encoded Execution (Base64 encoded execution, code obfuscation)
base64 -d
SKILL.md:87
Medium: External URL
https://www.apache.org/licenses/
LICENSE.txt:3
Medium: External URL
https://docs.anthropic.com/en/docs/agents-and-tools/agent-skills/overview
references/best-practices-checklist.md:286
Medium: External URL
https://docs.anthropic.com/en/docs/agents-and-tools/agent-skills/best-practices
references/best-practices-checklist.md:287
Medium: External URL
https://docs.anthropic.com/en/docs/claude-code/skills
references/best-practices-checklist.md:288

File Tree

7 files · 80.4 KB · 2755 lines
Markdown 6f · 2593L Text 1f · 162L
├─ 📁 examples
│ └─ 📝 sample-output.md Markdown 530L · 18.1 KB
├─ 📁 references
│ ├─ 📝 best-practices-checklist.md Markdown 292L · 7.6 KB
│ ├─ 📝 installation-workflow.md Markdown 547L · 13.3 KB
│ ├─ 📝 ranking-algorithm.md Markdown 359L · 9.6 KB
│ └─ 📝 search-strategies.md Markdown 334L · 7.9 KB
├─ 📄 LICENSE.txt Text 162L · 8.9 KB
└─ 📝 SKILL.md Markdown 531L · 14.9 KB

Security Positives

✓ All functionality explicitly documented in SKILL.md with clear examples
✓ No scripts or executables - pure documentation files only
✓ Uses standard GitHub CLI (gh) for all API interactions
✓ No credential harvesting or environment variable access
✓ No network exfiltration or C2 communication
✓ No obfuscation or hidden functionality
✓ Well-organized reference files with clear purpose
✓ Consistent use of documented tools (gh, jq, bash)