Scan Report
5 /100
cnpc
Information assistant for 中国石油 CNPC/PetroChina. Search products, news, financials, and official resources.
This is a simple information assistant skill with only documentation (SKILL.md) - no executable code, scripts, or dependencies. The described behavior is benign: web-based information retrieval about CNPC/PetroChina from official sources.
Safe to install
No action required. This skill contains only documentation with no executable code or suspicious behavior.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Web search capability not formally declared Doc Mismatch | SKILL.md:28 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file access operations in documentation |
| Network | READ | READ | ✓ Aligned | SKILL.md line 28-31: describes web search to fetch info from cnpc.com.cn |
| Shell | NONE | NONE | — | No shell command references in documentation |
| Environment | NONE | NONE | — | No environment access mentioned |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation described |
| Clipboard | NONE | NONE | — | No clipboard access mentioned |
| Browser | NONE | NONE | — | SKILL.md mentions 'web search' but no explicit browser tool declared |
| Database | NONE | NONE | — | No database access mentioned |
1 findings
Medium External URL 外部 URL
https://www.cnpc.com.cn SKILL.md:16 File Tree
1 files · 2.0 KB · 56 lines Markdown 1f · 56L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code or scripts present - purely documentation
✓ No credential harvesting or environment variable access
✓ No obfuscated code, base64, or suspicious patterns
✓ References only official legitimate sources (cnpc.com.cn)
✓ No supply chain risks (no dependencies)
✓ No persistence mechanisms or backdoors
✓ No prompt injection or jailbreak attempts
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ Behavior is fully documented in SKILL.md