中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:1 day ago Rescan
0 /100
bp-manager
BP管理助手 — 查看/管理自己与下级的BP(目标/关键成果/关键举措)、AI质量检查
The bp-manager skill is a legitimate BP (Business Plan) management assistant that provides read/write operations against a corporate API. No malicious behavior, credential harvesting, or data exfiltration was detected.
Skill Namebp-manager
Duration30.4s
Enginepi
Safe to install
This skill is safe to use. Ensure BP_APP_KEY is stored securely and not logged in plain text.
ResourceDeclaredInferredStatusEvidence
Network READ READ ✓ Aligned scripts/bp_client.py:37-50 - Uses urllib.request for HTTP GET/POST to sg-al-cwor…
Environment READ READ ✓ Aligned scripts/bp_client.py:17 - Accesses BP_APP_KEY only
Shell NONE NONE No subprocess or shell execution found in code
Filesystem NONE NONE No file read/write operations in code
Skill Invoke EXEC EXEC ✓ Aligned SKILL.md declares bp_client and commands tools with exec permission
Clipboard NONE NONE No clipboard access found
Browser NONE NONE No browser automation found
Database NONE NONE No direct database access found
1 findings
🔗
Medium External URL 外部 URL
https://sg-al-cwork-web.mediportal.com.cn/open-api
scripts/bp_client.py:19

File Tree

9 files · 62.6 KB · 2137 lines
Markdown 7f · 1523L Python 2f · 614L
├─ 📁 design
│ └─ 📝 design.md Markdown 171L · 3.9 KB
├─ 📁 references
│ ├─ 📝 api-endpoints.md Markdown 162L · 4.8 KB
│ ├─ 📝 api-request--20260404.md Markdown 240L · 6.5 KB
│ └─ 📝 kangzhe-rules.md Markdown 200L · 6.3 KB
├─ 📁 scripts
│ ├─ 🐍 bp_client.py Python 219L · 8.2 KB
│ └─ 🐍 commands.py Python 395L · 13.8 KB
├─ 📝 README.md Markdown 173L · 4.2 KB
├─ 📝 setup.md Markdown 126L · 2.5 KB
└─ 📝 SKILL.md Markdown 451L · 12.4 KB

Security Positives

✓ All capabilities declared in SKILL.md match actual implementation
✓ No shell execution or subprocess usage
✓ No credential harvesting or exfiltration
✓ No base64 encoding or obfuscation
✓ No sensitive path access (~/.ssh, ~/.aws, etc.)
✓ No curl|bash or wget|sh patterns
✓ Uses only Python standard library (urllib) - no third-party dependencies
✓ API endpoint uses HTTPS domain (not direct IP)
✓ Security considerations documented in design.md