中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:18 小时前 重新扫描
5 /100
proof-engine
Credibility engine that transforms business results into deployable proof content. Captures P&L, agent performance, funnel revenue, testimonials, milestones, and media mentions across 8 business domains.
A legitimate business reporting/credibility engine skill with no malicious behavior detected. All network activity is declared (Telegram only), no shell execution, no credential exfiltration, and no sensitive path access.
技能名称proof-engine
分析耗时44.7s
引擎pi
可以安装
Approve for deployment. The skill's capabilities match its documentation and its purpose is straightforward business data aggregation.

安全发现 2 项

严重性 安全发现 位置
低危
Over-broad filesystem:READ declaration 文档欺骗
SKILL.md declares filesystem:READ on 8 top-level directories (/workspace/proof/, /workspace/brand/, etc.), but proof_manager.py only reads from a narrow set of fixed subpaths (e.g., /workspace/CASHFLOW/TRACKING/tracker_state.json, /workspace/brand/AUDIT.md). The actual code does not traverse these directories broadly. No data is exfiltrated from any of these paths.
required_paths: read: [/workspace/proof/, /workspace/brand/, /workspace/CASHFLOW/, ...]
→ Narrow the declared read paths to match actual usage: /workspace/CASHFLOW/TRACKING/, /workspace/brand/, /workspace/revenue/, /workspace/content/, /workspace/.learnings/
 SKILL.md:12
低危
Environment variable access not declared as resource 敏感访问
proof_manager.py reads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID from os.environ (line 98). SKILL.md lists these in requires.env metadata but does not map them to the environment:READ resource in the capability model. Values are used only for outbound Telegram notifications, not exfiltration.
token = os.environ.get('TELEGRAM_BOT_TOKEN'); chat_id = os.environ.get('TELEGRAM_CHAT_ID')
→ Declare environment:READ in capability map if env var access is considered a resource. Values should be documented as required inputs, not extracted secrets.
 proof_manager.py:98
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 proof_manager.py:30-38 (paths defined), proof_manager.py:161-207 (capture reads …
网络访问 READ READ ✓ 一致 proof_manager.py:97-107 (Telegram sendMessage only, hardcoded api.telegram.org)
命令执行 NONE NONE No subprocess, os.system, or shell execution in proof_manager.py
环境变量 NONE READ ✓ 一致 proof_manager.py:98 reads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID; PROOF_DIR. De…
技能调用 NONE NONE No skill-to-skill invocation patterns found
剪贴板 NONE NONE No clipboard access found
浏览器 NONE NONE No browser automation found
数据库 NONE NONE No database access found
2 项发现
🔗
中危 外部 URL 外部 URL
https://api.telegram.org
SKILL.md:39
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot
proof_manager.py:99

目录结构

7 文件 · 66.2 KB · 2006 行
Python 1f · 994L Markdown 3f · 955L JSON 3f · 57L
├─ 📋 dashboard.json JSON 21L · 913 B
├─ 📋 opportunity_template.json JSON 20L · 422 B
├─ 📋 proof_item.json JSON 16L · 318 B
├─ 🐍 proof_manager.py Python 994L · 35.8 KB
├─ 📝 README.md Markdown 48L · 1.7 KB
├─ 📝 SKILL.md Markdown 761L · 22.7 KB
└─ 📝 storytelling.md Markdown 146L · 4.4 KB

依赖分析 1 项

包名版本来源已知漏洞备注
stdlib Python 3 standard library only none No pip/conda dependencies. Uses only: argparse, json, os, sys, datetime, urllib.request — all from Python stdlib

安全亮点

✓ No subprocess, os.system, or any shell execution — skill is pure Python with stdlib only
✓ No base64, eval, or code obfuscation patterns
✓ Network activity limited strictly to api.telegram.org for outbound notifications only
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, ~/.netrc, ~/.config/)
✓ No credential harvesting or exfiltration — TELEGRAM_* vars used only for outbound push
✓ No persistence mechanisms (no cron hooks, startup scripts, or backdoors)
✓ No supply chain risk — no external dependencies, pure stdlib only
✓ No prompt injection vectors detected
✓ All writes go to declared /workspace/proof/ directory tree only
✓ Comprehensive documentation matches core functionality