扫描报告
0 /100
bugpack
BugPack - AI-powered bug tracking and fixing toolkit. List bugs, view bug details with screenshots, and fix bugs automatically.
BugPack is a straightforward bug tracking interface skill that exclusively makes HTTP requests to a local server (localhost:3456) with no filesystem, shell, or credential access.
可以安装
Approve for use - no security concerns detected. The skill is a simple REST API client with well-defined, benign functionality.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | NONE | READ | ✓ 一致 | SKILL.md: HTTP GET/PATCH calls to localhost:3456 only |
| 文件系统 | NONE | NONE | — | No file operations declared or present |
| 命令执行 | NONE | NONE | — | No shell execution declared or present |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 凭据 | NONE | NONE | — | No credential harvesting |
目录结构
1 文件 · 2.2 KB · 83 行 Markdown 1f · 83L
└─
SKILL.md
Markdown
安全亮点
✓ Only performs HTTP GET/PATCH requests to localhost - no external network access
✓ No shell execution, subprocess, or command injection vectors
✓ No credential harvesting or environment variable reading
✓ No filesystem writes or sensitive path access (~/.ssh, .env, etc.)
✓ No obfuscation (base64, eval, encoded strings)
✓ No downloads or remote script execution
✓ Clear, well-documented API-only interface
✓ Single-file skill with no hidden dependencies