Scan Report
5/100
knowledge-base-skill
Multi-business knowledge base with image attachment + OCR support
This is a straightforward knowledge base management skill with image/OCR support. No malicious behavior detected - all functionality is documented, uses standard libraries, and operates only within its designated data directory.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | kb-manager.py:43 - Creates knowledge-base directories |
| Network | NONE | NONE | — | No network requests found |
| Shell | NONE | READ | ✓ Aligned | image-manager.py:67 - subprocess.run for tesseract CLI |
| Environment | NONE | NONE | — | No env access found |
1 finding
Medium: External URL
https://api.example.com (SKILL.md:124)
File Tree
4 files · 44.4 KB · 1408 lines
Python 2f · 830L
Markdown 1f · 493L
Shell 1f · 85L
├─ knowledge-base
│ ├─ image-manager.py (Python)
│ ├─ kb-image.sh (Shell)
│ └─ kb-manager.py (Python)
└─ SKILL.md (Markdown)
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| pytesseract | optional | pip | No | Optional - for OCR extraction |
| pillow | optional | pip | No | Optional - for image processing |
| tesseract-ocr | optional | system | No | Optional CLI tool for OCR |
Security Positives
✓ Clean codebase using only Python standard library (json, os, hashlib, datetime, shutil, subprocess)
✓ All functionality explicitly documented in SKILL.md
✓ Subprocess usage is limited to tesseract OCR (a documented optional dependency)
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or API key access
✓ No network exfiltration or C2 communication
✓ No obfuscation techniques (base64, eval, etc.)
✓ File operations confined to knowledge-base/ directory only
✓ Shell script (kb-image.sh) is a simple wrapper around Python modules