Scan Report
5 /100
meeting-risk-radar
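Identifies high-risk topics, unclear ownership, missing materials, and discussion points that may get out of control before a meeting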
This is a benign meeting pre-flight analysis skill with no malicious behavior: no network exfiltration, no credential theft, no obfuscation, and all declared capabilities match implementation.
Safe to install
No action needed. This skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:31 + scripts/run.py:17-22 read_text() reads local files only |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:32 + scripts/run.py:229 output_path.write_text() — only when --output i… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:32 permits python3 execution; script only uses Python standard library … |
| Network | NONE | NONE | — | No network calls found in scripts/run.py; uses only Python stdlib |
| Environment | NONE | NONE | — | os.environ iterated only for Path().expanduser() path resolution, not for creden… |
| credential_access | NONE | NONE | — | No access to ~/.ssh, ~/.aws, .env, or API key exfiltration |
1 finding
Medium External URL
https://example.invalid/skills/meeting-risk-radar SKILL.md:6
File Tree
9 files · 20.6 KB · 561 lines
Python 1f · 282L
Markdown 7f · 243L
JSON 1f · 36L
├─ examples
│  ├─ example-input.md (Markdown)
│  └─ example-output.md (Markdown)
├─ resources
│  ├─ spec.json (JSON)
│  └─ template.md (Markdown)
├─ scripts
│  └─ run.py (Python)
├─ tests
│  └─ smoke-test.md (Markdown)
├─ README.md (Markdown)
├─ SELF_CHECK.md (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ No third-party dependencies — uses only Python standard library (json, csv, argparse, pathlib, re, collections)
✓ All file I/O is local and scoped to explicitly provided paths; no recursive directory traversal beyond specified limit
✓ No network requests, no HTTP libraries imported or called
✓ No credential harvesting: os.environ accessed only for path resolution, not iterated for secrets
✓ No obfuscation: all Python code is plaintext, no base64, no eval(), no exec()
✓ Pattern matching (PATTERNS dict) is defensive — scans input for risky patterns, does not execute them
✓ SKILL.md frontmatter declares shell/exec capability explicitly
✓ Output file writes require explicit --output flag, not automatic
✓ Argument parsing with proper error handling and non-zero exit codes for failures
✓ No curl|bash, no wget|sh, no remote script execution
✓ SELF_CHECK.md confirms security checklist passes