Trusted: risk score 5/100
Last scanned: 2 days ago
skill-finder
Find and evaluate Claude skills for specific use cases using semantic search, Anthropic best practices assessment, and fitness scoring.
This is a legitimate Claude skill documentation and search utility with no security issues. The base64 -d usage flagged by pre-scan is standard GitHub API response decoding, not obfuscation.
Skill name: skill-finder
Analysis time: 39.3s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.
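| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | Uses gh api commands to query GitHub API, documented in SKILL.md lines 58-94 |
| Command execution | WRITE | WRITE | ✓ Consistent | Uses gh CLI, jq, and bash as documented. No unauthorized command execution. |
| File system | NONE | WRITE | ✓ Consistent | Writes temp files (temp_skill.md) but only for transient processing, documented … |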
1 critical, 5 findings

| Severity | Category | Finding | Match | Location |
|---|---|---|---|---|
| Critical | Encoded execution | Base64 encoded execution (code obfuscation) | base64 -d | SKILL.md:87 |
| Medium | External URL | External URL | https://www.apache.org/licenses/ | LICENSE.txt:3 |
| Medium | External URL | External URL | https://docs.anthropic.com/en/docs/agents-and-tools/agent-skills/overview | references/best-practices-checklist.md:286 |
| Medium | External URL | External URL | https://docs.anthropic.com/en/docs/agents-and-tools/agent-skills/best-practices | references/best-practices-checklist.md:287 |
| Medium | External URL | External URL | https://docs.anthropic.com/en/docs/claude-code/skills | references/best-practices-checklist.md:288 |

Directory structure

7 files · 80.4 KB · 2755 lines
Markdown: 6 files · 2593 lines; Text: 1 file · 162 lines
├─ 📁 examples
│ └─ 📝 sample-output.md Markdown 530L · 18.1 KB
├─ 📁 references
│ ├─ 📝 best-practices-checklist.md Markdown 292L · 7.6 KB
│ ├─ 📝 installation-workflow.md Markdown 547L · 13.3 KB
│ ├─ 📝 ranking-algorithm.md Markdown 359L · 9.6 KB
│ └─ 📝 search-strategies.md Markdown 334L · 7.9 KB
├─ 📄 LICENSE.txt Text 162L · 8.9 KB
└─ 📝 SKILL.md Markdown 531L · 14.9 KB

Security highlights

✓ All functionality explicitly documented in SKILL.md with clear examples
✓ No scripts or executables - pure documentation files only
✓ Uses standard GitHub CLI (gh) for all API interactions
✓ No credential harvesting or environment variable access
✓ No network exfiltration or C2 communication
✓ No obfuscation or hidden functionality
✓ Well-organized reference files with clear purpose
✓ Consistent use of documented tools (gh, jq, bash)