Scan report
5 /100
knowledge-base-skill
Multi-business knowledge base with image attachment + OCR support
This is a straightforward knowledge base management skill with image/OCR support. No malicious behavior detected - all functionality is documented, uses standard libraries, and operates only within its designated data directory.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | WRITE | ✓ Consistent | kb-manager.py:43 - Creates knowledge-base directories |
| Network access | NONE | NONE | — | No network requests found |
| Command execution | NONE | READ | ✓ Consistent | image-manager.py:67 - subprocess.run for tesseract CLI |
| Environment variables | NONE | NONE | — | No env access found |
1 finding
Medium severity · External URL
https://api.example.com · SKILL.md:124
Directory structure
4 files · 44.4 KB · 1408 lines
Python: 2 files · 830 lines
Markdown: 1 file · 493 lines
Shell: 1 file · 85 lines
├─ knowledge-base
│  ├─ image-manager.py (Python)
│  ├─ kb-image.sh (Shell)
│  └─ kb-manager.py (Python)
└─ SKILL.md (Markdown)
Dependency analysis: 3 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| pytesseract | optional | pip | No | Optional - for OCR extraction |
| pillow | optional | pip | No | Optional - for image processing |
| tesseract-ocr | optional | system | No | Optional CLI tool for OCR |
Security highlights
✓ Clean codebase using only Python standard library (json, os, hashlib, datetime, shutil, subprocess)
✓ All functionality explicitly documented in SKILL.md
✓ Subprocess usage is limited to tesseract OCR (a documented optional dependency)
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or API key access
✓ No network exfiltration or C2 communication
✓ No obfuscation techniques (base64, eval, etc.)
✓ File operations confined to knowledge-base/ directory only
✓ Shell script (kb-image.sh) is a simple wrapper around Python modules