Scan Report
0 /100
bugpack
BugPack - AI-powered bug tracking and fixing toolkit. List bugs, view bug details with screenshots, and fix bugs automatically.
BugPack is a straightforward bug tracking interface skill that exclusively makes HTTP requests to a local server (localhost:3456) with no filesystem, shell, or credential access.
Safe to install
Approve for use - no security concerns detected. The skill is a simple REST API client with well-defined, benign functionality.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | NONE | READ | ✓ Aligned | SKILL.md: HTTP GET/PATCH calls to localhost:3456 only |
| Filesystem | NONE | NONE | — | No file operations declared or present |
| Shell | NONE | NONE | — | No shell execution declared or present |
| Environment | NONE | NONE | — | No environment variable access |
| credential | NONE | NONE | — | No credential harvesting |
File Tree
1 files · 2.2 KB · 83 lines Markdown 1f · 83L
└─
SKILL.md
Markdown
Security Positives
✓ Only performs HTTP GET/PATCH requests to localhost - no external network access
✓ No shell execution, subprocess, or command injection vectors
✓ No credential harvesting or environment variable reading
✓ No filesystem writes or sensitive path access (~/.ssh, .env, etc.)
✓ No obfuscation (base64, eval, encoded strings)
✓ No downloads or remote script execution
✓ Clear, well-documented API-only interface
✓ Single-file skill with no hidden dependencies