扫描报告
5 /100
Spell
Log anything fast and find it later with search and export. A simple offline logging utility.
Spell is a straightforward local logging utility with no network calls, credential access, or obfuscation — its behavior matches its documentation.
可以安装
No action needed. The skill is a simple bash logger that stores timestamped user inputs in ~/.local/share/spell/ and exports to json/csv/txt.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | scripts/script.sh — all commands are bash-builtin operations (echo, date, cat, g… |
| 文件系统 | WRITE | WRITE | ✓ 一致 | scripts/script.sh — mkdir -p $DATA_DIR, echo >> log files in ~/.local/share/spel… |
| 网络访问 | NONE | NONE | — | scripts/script.sh — zero curl, wget, nc, or any outbound network calls detected |
| 环境变量 | NONE | NONE | — | scripts/script.sh — only reads $HOME to build DATA_DIR; no iteration over os.env… |
| 凭据访问 | NONE | NONE | — | scripts/script.sh — no access to ~/.ssh, ~/.aws, .env, or similar sensitive path… |
3 项发现
中危 外部 URL 外部 URL
https://bytesagain.com SKILL.md:6 中危 外部 URL 外部 URL
https://bytesagain.com/feedback/ SKILL.md:98 提示 邮箱 邮箱地址
[email protected] SKILL.md:101 目录结构
2 文件 · 14.0 KB · 414 行 Shell 1f · 313L
Markdown 1f · 101L
├─
▾
scripts
│ └─
script.sh
Shell
└─
SKILL.md
Markdown
安全亮点
✓ No network calls — script is fully offline as documented
✓ No credential harvesting — does not read SSH keys, AWS tokens, or .env files
✓ No obfuscation — entire script is readable plaintext bash
✓ No remote script download — no curl|bash, wget|sh, or equivalent patterns
✓ No base64, eval, or dynamic code execution
✓ No sensitive path access — operates exclusively in ~/.local/share/spell/
✓ No supply chain risk — no external dependencies, pure POSIX bash
✓ No persistence mechanisms — no cron, systemd units, or startup hooks
✓ Behavior matches documentation: offline logging utility with local export