扫描报告
5 /100
policy-to-checklist
把征稿启事、通知、比赛规则、制度文件、招标要求等转成可执行检查清单与时间线
Benign clipboard-reading skill that executes a single macOS command to extract text and output it — all capabilities are declared and there's no suspicious behavior.
可以安装
No action needed. The skill is safe to use as designed.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | metadata.bins: ["node", "pbpaste"]; SKILL.md usage block declares node execution |
| 剪贴板 | READ | READ | ✓ 一致 | scripts/read_clipboard.mjs:3 — reads clipboard via pbpaste |
| 文件系统 | NONE | NONE | — | No file read/write operations in the codebase |
| 网络访问 | NONE | NONE | — | No network calls anywhere in the scripts |
| 环境变量 | NONE | NONE | — | No os.environ access in scripts |
目录结构
4 文件 · 1.7 KB · 84 行 Markdown 3f · 65L
JavaScript 1f · 19L
├─
▾
scripts
│ └─
read_clipboard.mjs
JavaScript
├─
CHANGELOG.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ All executed commands (node, pbpaste) are declared in SKILL.md metadata
✓ No file system writes or reads — strictly a clipboard-to-stdout passthrough
✓ No network access, no credential handling, no data exfiltration
✓ execSync runs a single fixed command with no user-controlled arguments
✓ Output is printed to stdout, not sent anywhere — no C2 or telemetry
✓ Clean codebase with only 19 lines of readable JavaScript
✓ No obfuscation, no base64, no eval, no dynamic command construction