Scan Report
5 /100
policy-to-checklist
把征稿启事、通知、比赛规则、制度文件、招标要求等转成可执行检查清单与时间线
Benign clipboard-reading skill that executes a single macOS command to extract text and output it — all capabilities are declared and there's no suspicious behavior.
Safe to install
No action needed. The skill is safe to use as designed.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | metadata.bins: ["node", "pbpaste"]; SKILL.md usage block declares node execution |
| Clipboard | READ | READ | ✓ Aligned | scripts/read_clipboard.mjs:3 — reads clipboard via pbpaste |
| Filesystem | NONE | NONE | — | No file read/write operations in the codebase |
| Network | NONE | NONE | — | No network calls anywhere in the scripts |
| Environment | NONE | NONE | — | No os.environ access in scripts |
File Tree
4 files · 1.7 KB · 84 lines Markdown 3f · 65L
JavaScript 1f · 19L
├─
▾
scripts
│ └─
read_clipboard.mjs
JavaScript
├─
CHANGELOG.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ All executed commands (node, pbpaste) are declared in SKILL.md metadata
✓ No file system writes or reads — strictly a clipboard-to-stdout passthrough
✓ No network access, no credential handling, no data exfiltration
✓ execSync runs a single fixed command with no user-controlled arguments
✓ Output is printed to stdout, not sent anywhere — no C2 or telemetry
✓ Clean codebase with only 19 lines of readable JavaScript
✓ No obfuscation, no base64, no eval, no dynamic command construction