Low Risk — Risk Score 15/100
Last scan: 16 hr ago
python-auto-dev
Automated Python code generation, testing, debugging, and optimization with integrated conda environment management
A straightforward Windows-centric Python dev-automation skill with no malicious behavior, though it has minor documentation gaps regarding shell:WRITE permission and cross-platform applicability.
Skill Name: python-auto-dev
Duration: 47.3s
Engine: pi
Safe to install
Approve for use. No malicious behavior detected. Consider documenting the subprocess/shell:WRITE capability and noting the Windows-only hard-coded paths in SKILL.md for clarity.

Findings 3 items

Severity Finding Location
Low
Shell execution not declared in allowed-tools Doc Mismatch
SKILL.md lists allowed-tools as Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE. However, the implementation uses Python subprocess.run() for conda activation and linting tools, which is a form of shell execution not explicitly documented. The SKILL.md maps Bash to shell:WRITE but doesn't mention that scripts internally invoke subprocess.
allowed-tools mapping: Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE
→ Update SKILL.md to document that scripts use subprocess.run for conda environment activation and linting tool execution, which implies shell:WRITE permission internally.
SKILL.md:1
Low
Hard-coded Windows-specific paths reduce cross-platform safety Priv Escalation
All five scripts hard-code C:\anaconda3 and H:\code\Daily as absolute Windows paths. This makes the skill non-functional on non-Windows systems and could cause unexpected file writes if paths are redirected.
DEFAULT_CONDA_PATH = r"C:\anaconda3\condabin\conda.bat"
→ Consider making paths configurable via environment variables or command-line arguments. The SKILL.md already notes 'modify scripts if path changes' but this should be a structured config.
scripts/run_tests.py:17
Info
AST parsing of arbitrary user code Doc Mismatch
create_tests.py uses ast.parse() on any Python file path provided by the caller. A malicious upstream agent could provide a crafted file that triggers high CPU/memory via complex AST. This is a DoS vector, not data theft.
tree = ast.parse(content)
→ Add a file size limit or timeout on AST parsing. This is a minor concern since the agent calling this skill controls the input.
scripts/create_tests.py:44
Resource Declared Inferred Status Evidence
Filesystem NONE WRITE ✓ Aligned scripts/generate_code.py:95 — writes generated Python files to disk; scripts/cre…
Shell NONE WRITE ✓ Aligned scripts/run_tests.py:51-55 — subprocess.run(['cmd.exe','/c',full_cmd]); scripts/…
Network NONE NONE No network requests found in any script
Environment NONE READ ✓ Aligned os.environ.copy() in run_tests.py:56 and optimize_code.py:45 — only copies env f…
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser access
Database NONE NONE No database access
Skill Invoke NONE NONE No cross-skill invocation

File Tree

7 files · 46.1 KB · 1344 lines
Python 5f · 1079L Markdown 2f · 265L
├─ 📁 references
│ └─ 📝 script-usage.md Markdown 172L · 5.0 KB
├─ 📁 scripts
│ ├─ 🐍 create_tests.py Python 219L · 7.9 KB
│ ├─ 🐍 debug_code.py Python 265L · 10.8 KB
│ ├─ 🐍 generate_code.py Python 138L · 3.7 KB
│ ├─ 🐍 optimize_code.py Python 320L · 10.8 KB
│ └─ 🐍 run_tests.py Python 137L · 4.5 KB
└─ 📝 SKILL.md Markdown 93L · 3.5 KB

Security Positives

✓ No network requests or external communications found in any script
✓ No credential harvesting, environment variable iteration, or sensitive file access
✓ No base64 encoding, obfuscation, or anti-analysis patterns
✓ No remote script execution (curl|bash, wget|sh patterns)
✓ No hidden functionality — all scripts are straightforward development automation
✓ Subprocess commands are constructed with absolute paths and controlled arguments, not shell-injected strings
✓ No data exfiltration or C2 communication
✓ No persistence mechanisms (cron, startup hooks, registry writes)
✓ No supply chain risks — no external dependencies declared or used