Scan Report
15/100
news-trust-check
Verify suspicious news, announcements, screenshots, and viral claims using a high-trust source pool
A benign news credibility checker skill that uses keyword-based risk scoring with no network access, credential exposure, or malicious functionality detected.
Safe to install
Declare allowed-tools and script execution in SKILL.md to eliminate documentation gaps. Otherwise safe to use.
Findings (1 item)
| Severity | Finding | Location |
|---|---|---|
| Low | No allowed-tools declaration (Doc Mismatch) | SKILL.md:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | Script reads no files; SKILL.md references sources by name only |
| Network | NONE | NONE | — | No HTTP requests, DNS lookups, or external calls in assess_claim.py |
| Shell | NONE | NONE | — | assess_claim.py is pure Python with no subprocess; no shell commands in SKILL.md… |

File Tree
3 files · 3.8 KB · 146 lines (Markdown: 2 files, 109 lines; Python: 1 file, 37 lines)
├─ references
│  └─ high-trust-sources.md (Markdown)
├─ scripts
│  └─ assess_claim.py (Python)
└─ SKILL.md (Markdown)
Security Positives
✓ No network access or data exfiltration — assess_claim.py performs only in-memory string matching
✓ No credential access or harvesting — script contains no os.environ, config files, or key lookups
✓ No obfuscation — code is plain Python with readable logic and no base64, eval, or dynamic exec
✓ No remote code execution — no curl|bash, wget|sh, or subprocess calls
✓ No supply chain risk — assess_claim.py has zero third-party imports (only argparse, json, sys from stdlib)
✓ Risk scoring logic is deterministic, auditable, and clearly documented with Chinese fraud-related keywords
✓ Skill purpose (news trust verification) is clearly stated and matches implementation