Scan Report
20/100
thecorporation-form-and-operate
CLI skill for corporate governance management via npx corp command
This skill is pure documentation for a corporate governance CLI tool and contains no executable code. The only concern is the unpinned npx package dependency, which introduces a minor supply chain risk.
Safe to install
Consider pinning the npm package version (e.g., @thecorporation/[email protected]) in the install section to ensure reproducibility and prevent unexpected changes.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned npm package version (Supply Chain) | SKILL.md:7 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md is documentation only with no file operations |
| Network | NONE | NONE | — | No network calls in the skill documentation |
| Shell | NONE | NONE | — | SKILL.md contains no shell commands; npx usage is documented for CLI invocation … |
| Environment | NONE | NONE | — | No environment variable access documented |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard operations |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No direct database access |

2 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Info | Email address | [email protected] | SKILL.md:85 |
| Info | Email address | [email protected] | SKILL.md:86 |

File Tree
1 file · 19.1 KB · 479 lines
Markdown 1f · 479L
└─ SKILL.md (Markdown)
Security Positives
✓ Pure documentation file with no executable code
✓ No obfuscation or hidden functionality
✓ No credential harvesting or sensitive data access
✓ No network calls within the skill
✓ No shell command injection vectors
✓ Documentation accurately reflects stated functionality