中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
flyai-vacation-planner
智能拼假日历助手,帮助用户计算最优请假方案并查询机票价格
Pure documentation-only skill with no executable code; all capabilities (CLI tool install, filesystem read for user profiles, network via FlyAI CLI) are fully declared in SKILL.md and reference docs.
技能名称flyai-vacation-planner
分析耗时34.7s
引擎pi
可以安装
No action needed. This skill is safe to use as-is.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md:64; reference/user-profile-storage.md:43
网络访问 READ READ ✓ 一致 SKILL.md:43-44; flyai CLI commands in reference/*.md
命令执行 WRITE WRITE ✓ 一致 SKILL.md:43 npm install -g @fly-ai/flyai-cli@latest
3 项发现
🔗
中危 外部 URL 外部 URL
https://registry.npmmirror.com
SKILL.md:40
🔗
中危 外部 URL 外部 URL
https://img.alicdn.com/...
reference/search-hotel.md:44
🔗
中危 外部 URL 外部 URL
https://img.alicdn.com/tfscom/...
reference/search-poi.md:32

目录结构

13 文件 · 27.5 KB · 883 行
Markdown 13f · 883L
├─ 📁 reference
│ ├─ 📝 ai-search.md Markdown 26L · 659 B
│ ├─ 📝 examples.md Markdown 23L · 834 B
│ ├─ 📝 holidays-cn.md Markdown 31L · 936 B
│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB
│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB
│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB
│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB
│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B
│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB
│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB
│ ├─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB
│ └─ 📝 visa-rules.md Markdown 23L · 824 B
└─ 📝 SKILL.md Markdown 178L · 6.4 KB

依赖分析 1 项

包名版本来源已知漏洞备注
@fly-ai/flyai-cli latest npm (registry.npmjs.org) Version pinned to @latest; package source declared in SKILL.md

安全亮点

✓ Documentation-only: zero executable code (scripts, binaries, or bytecode) present
✓ All external capabilities (npm install, FlyAI CLI network calls, filesystem user profile) fully declared in SKILL.md
✓ No obfuscation (no base64, no eval, no encoded payloads)
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env not touched)
✓ No C2 communication, reverse shells, or data exfiltration behavior
✓ No supply chain risk: npm package pinned to @latest tag from official registry; no unpinned dependencies
✓ User profile data stays local in ~/.flyai/ — no exfiltration of personal information