Scan Report
5 /100
Ebook — Digital Book Collection & Reading Tracker
Manage ebook collections, track reading progress, and export highlights using bash and Python
A legitimate ebook management tool that stores data locally in JSONL format with no suspicious behavior, credential access, network requests, or obfuscation detected.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/script.sh:9 - DATA_DIR="$HOME/.ebook"; mkdir -p "$DATA_DIR" |
| Shell | WRITE | WRITE | ✓ Aligned | scripts/script.sh:44 - Uses python3 heredoc for command dispatch |
| Network | NONE | NONE | — | No curl/wget/network calls found |
| Environment | NONE | READ | ✓ Aligned | scripts/script.sh:368 - Reads SKILL_CMD and SKILL_ARGV for internal dispatch |
| Skill Invoke | NONE | NONE | — | No skill_invoke usage |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | Uses local JSONL file, not a database |
2 findings
Medium External URL 外部 URL
https://bytesagain.com SKILL.md:4 Info Email 邮箱地址
[email protected] SKILL.md:104 File Tree
2 files · 21.9 KB · 637 lines Shell 1f · 533L
Markdown 1f · 104L
├─
▾
scripts
│ └─
script.sh
Shell
└─
SKILL.md
Markdown
Security Positives
✓ All file operations confined to ~/.ebook/ directory as documented
✓ No network requests or external IP communications
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, atob) detected
✓ Uses only Python standard library (json, os, uuid, datetime)
✓ Data export requires explicit --output parameter with user-controlled path
✓ Clear, readable code with no hidden functionality
✓ All 11 commands documented in SKILL.md with no undocumented behavior