扫描报告
5 /100
virtuoso-skill
Cadence Virtuoso Skill语言开发辅助工具,包含API查询、代码校验、智能补全功能
This is a legitimate Cadence Virtuoso Skill development assistance tool with no malicious behavior. It provides API validation and querying for EDA software development.
可以安装
This skill is safe to use. No security concerns identified.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Hardcoded data source paths in extraction scripts 文档欺骗 | scripts/extract_functions.py:74 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | skill_chatbot.py:49-66 reads JSON API database files |
| 网络访问 | NONE | READ | ✓ 一致 | skill_chatbot.py:175 starts Flask web server on 0.0.0.0 - declared in SKILL.md a… |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 环境变量 | NONE | NONE | — | No environment variable access found |
| 技能调用 | NONE | NONE | — | Not applicable to this skill |
2 项发现
中危 外部 URL 外部 URL
http://your-server:8080 SKILL.md:58 中危 外部 URL 外部 URL
http://0.0.0.0: scripts/skill_chatbot.py:378 目录结构
6 文件 · 64.6 KB · 1132 行 Python 4f · 1018L
Markdown 1f · 113L
JSON 1f · 1L
├─
▾
references
│ └─
skill_api_database.json
JSON
├─
▾
scripts
│ ├─
extract_functions.py
Python
│ ├─
parse_api_data.py
Python
│ ├─
skill_chatbot.py
Python
│ └─
skill_lint.py
Python
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
flask | * | pip | 否 | Optional, only needed for --web feature |
安全亮点
✓ No shell execution or subprocess usage
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or C2 communication
✓ No code obfuscation or base64-encoded payloads
✓ All functionality matches documentation
✓ Uses standard libraries only (json, re, pathlib, gzip)
✓ Web server feature explicitly documented in SKILL.md
✓ Flask dependency is optional and used for legitimate API querying UI