Scan Report
5 /100
virtuoso-skill
Cadence Virtuoso Skill语言开发辅助工具,包含API查询、代码校验、智能补全功能
This is a legitimate Cadence Virtuoso Skill development assistance tool with no malicious behavior. It provides API validation and querying for EDA software development.
Safe to install
This skill is safe to use. No security concerns identified.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Hardcoded data source paths in extraction scripts Doc Mismatch | scripts/extract_functions.py:74 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | skill_chatbot.py:49-66 reads JSON API database files |
| Network | NONE | READ | ✓ Aligned | skill_chatbot.py:175 starts Flask web server on 0.0.0.0 - declared in SKILL.md a… |
| Shell | NONE | NONE | — | No subprocess or shell execution found |
| Environment | NONE | NONE | — | No environment variable access found |
| Skill Invoke | NONE | NONE | — | Not applicable to this skill |
2 findings
Medium External URL 外部 URL
http://your-server:8080 SKILL.md:58 Medium External URL 外部 URL
http://0.0.0.0: scripts/skill_chatbot.py:378 File Tree
6 files · 64.6 KB · 1132 lines Python 4f · 1018L
Markdown 1f · 113L
JSON 1f · 1L
├─
▾
references
│ └─
skill_api_database.json
JSON
├─
▾
scripts
│ ├─
extract_functions.py
Python
│ ├─
parse_api_data.py
Python
│ ├─
skill_chatbot.py
Python
│ └─
skill_lint.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
flask | * | pip | No | Optional, only needed for --web feature |
Security Positives
✓ No shell execution or subprocess usage
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or C2 communication
✓ No code obfuscation or base64-encoded payloads
✓ All functionality matches documentation
✓ Uses standard libraries only (json, re, pathlib, gzip)
✓ Web server feature explicitly documented in SKILL.md
✓ Flask dependency is optional and used for legitimate API querying UI