中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:17 hr ago Rescan
5 /100
proof-engine
Credibility engine that transforms business results into deployable proof content. Captures P&L, agent performance, funnel revenue, testimonials, milestones, and media mentions across 8 business domains.
A legitimate business reporting/credibility engine skill with no malicious behavior detected. All network activity is declared (Telegram only), no shell execution, no credential exfiltration, and no sensitive path access.
Skill Nameproof-engine
Duration44.7s
Enginepi
Safe to install
Approve for deployment. The skill's capabilities match its documentation and its purpose is straightforward business data aggregation.

Findings 2 items

Severity Finding Location
Low
Over-broad filesystem:READ declaration Doc Mismatch
SKILL.md declares filesystem:READ on 8 top-level directories (/workspace/proof/, /workspace/brand/, etc.), but proof_manager.py only reads from a narrow set of fixed subpaths (e.g., /workspace/CASHFLOW/TRACKING/tracker_state.json, /workspace/brand/AUDIT.md). The actual code does not traverse these directories broadly. No data is exfiltrated from any of these paths.
required_paths: read: [/workspace/proof/, /workspace/brand/, /workspace/CASHFLOW/, ...]
→ Narrow the declared read paths to match actual usage: /workspace/CASHFLOW/TRACKING/, /workspace/brand/, /workspace/revenue/, /workspace/content/, /workspace/.learnings/
 SKILL.md:12
Low
Environment variable access not declared as resource Sensitive Access
proof_manager.py reads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID from os.environ (line 98). SKILL.md lists these in requires.env metadata but does not map them to the environment:READ resource in the capability model. Values are used only for outbound Telegram notifications, not exfiltration.
token = os.environ.get('TELEGRAM_BOT_TOKEN'); chat_id = os.environ.get('TELEGRAM_CHAT_ID')
→ Declare environment:READ in capability map if env var access is considered a resource. Values should be documented as required inputs, not extracted secrets.
 proof_manager.py:98
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned proof_manager.py:30-38 (paths defined), proof_manager.py:161-207 (capture reads …
Network READ READ ✓ Aligned proof_manager.py:97-107 (Telegram sendMessage only, hardcoded api.telegram.org)
Shell NONE NONE No subprocess, os.system, or shell execution in proof_manager.py
Environment NONE READ ✓ Aligned proof_manager.py:98 reads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID; PROOF_DIR. De…
Skill Invoke NONE NONE No skill-to-skill invocation patterns found
Clipboard NONE NONE No clipboard access found
Browser NONE NONE No browser automation found
Database NONE NONE No database access found
2 findings
🔗
Medium External URL 外部 URL
https://api.telegram.org
SKILL.md:39
🔗
Medium External URL 外部 URL
https://api.telegram.org/bot
proof_manager.py:99

File Tree

7 files · 66.2 KB · 2006 lines
Python 1f · 994L Markdown 3f · 955L JSON 3f · 57L
├─ 📋 dashboard.json JSON 21L · 913 B
├─ 📋 opportunity_template.json JSON 20L · 422 B
├─ 📋 proof_item.json JSON 16L · 318 B
├─ 🐍 proof_manager.py Python 994L · 35.8 KB
├─ 📝 README.md Markdown 48L · 1.7 KB
├─ 📝 SKILL.md Markdown 761L · 22.7 KB
└─ 📝 storytelling.md Markdown 146L · 4.4 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
stdlib Python 3 standard library only none No No pip/conda dependencies. Uses only: argparse, json, os, sys, datetime, urllib.request — all from Python stdlib

Security Positives

✓ No subprocess, os.system, or any shell execution — skill is pure Python with stdlib only
✓ No base64, eval, or code obfuscation patterns
✓ Network activity limited strictly to api.telegram.org for outbound notifications only
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, ~/.netrc, ~/.config/)
✓ No credential harvesting or exfiltration — TELEGRAM_* vars used only for outbound push
✓ No persistence mechanisms (no cron hooks, startup scripts, or backdoors)
✓ No supply chain risk — no external dependencies, pure stdlib only
✓ No prompt injection vectors detected
✓ All writes go to declared /workspace/proof/ directory tree only
✓ Comprehensive documentation matches core functionality