Trusted — Risk score 5/100
Last scanned: 2 days ago
admissions-cv-writing
Writes study abroad admissions CVs and resumes with PDF export capability
This is a legitimate CV writing skill with standard PDF export functionality. All operations are declared, documented, and necessary for the stated purpose.
Skill name: admissions-cv-writing
Analysis time: 36.4s
Engine: pi
Safe to install
No action required. The skill is safe to use.

Security findings: 2

Severity: Low
Finding: Subprocess usage for dependency management
run.py uses subprocess.check_call for pip install and venv.create(). This is documented in SKILL.md and is standard practice for Python dependency isolation.
subprocess.check_call([str(VENV_PYTHON), '-m', 'pip', 'install', ...])
→ Already documented. No action needed.
Location: scripts/export-pdf/run.py:35

Severity: Low
Finding: Version unpinned dependencies
requirements.txt specifies 'weasyprint' and 'markdown' without version pins. While not ideal for reproducibility, this is a minor concern.
weasyprint
markdown
→ Consider pinning versions for reproducibility, e.g., 'weasyprint>=60.0'
Location: scripts/export-pdf/requirements.txt:1
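
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | READ | READ | ✓ Consistent | SKILL.md declares read access for reference files; export_pdf.py reads .md files |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md: 'python3 scripts/export-pdf/run.py'; run.py uses venv.create() and pip… |
| Network access | NONE | NONE | | No network calls detected; pip install is local venv only |
| Environment variables | NONE | NONE | | No environment variable access |
| Database | NONE | NONE | | No database access |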

Directory structure

11 files · 38.9 KB · 1206 lines
Markdown 7f · 594L Python 2f · 350L CSS 1f · 260L Text 1f · 2L
├─ 📁 references
│ ├─ 📝 bullet-expansion-guide.md Markdown 30L · 1.7 KB
│ ├─ 📝 cv-format-example.md Markdown 155L · 5.7 KB
│ ├─ 📝 info-requirements.md Markdown 55L · 3.1 KB
│ ├─ 📝 quality-checklist.md Markdown 40L · 1.5 KB
│ └─ 📝 writing-instructions.md Markdown 178L · 4.7 KB
├─ 📁 scripts
│ ├─ 📁 export-pdf
│ │ ├─ 📁 css
│ │ │ └─ 📄 offerclaw.css CSS 260L · 3.7 KB
│ │ ├─ 🐍 export_pdf.py Python 294L · 8.5 KB
│ │ ├─ 📄 requirements.txt Text 2L · 20 B
│ │ └─ 🐍 run.py Python 56L · 1.3 KB
│ └─ 📝 README.md Markdown 27L · 1.3 KB
└─ 📝 SKILL.md Markdown 109L · 7.5 KB

Dependency analysis: 2

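| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| weasyprint | * | pip | | Version not pinned; legitimate PDF generation library |
| markdown | * | pip | | Version not pinned; standard Markdown processor |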

Security highlights

✓ All functionality is fully documented in SKILL.md
✓ No credential harvesting or sensitive path access
✓ No base64-encoded commands or obfuscated code
✓ No network exfiltration or C2 indicators
✓ PDF export uses WeasyPrint, a well-established legitimate library
✓ Dependencies are isolated in a venv, protecting global environment
✓ Font loading uses safe local file URI patterns (as_uri())
✓ No eval() or dynamic code execution
✓ CSS uses standard templating with no hidden functionality