Trusted: risk score 5/100
Last scan: 2 days ago
github-pr-automation
Automate GitHub pull request workflows including creation, review, merging, and monitoring
The skill is a legitimate GitHub PR automation tool using the official gh CLI for all GitHub operations. No malicious behavior, credential harvesting, or undeclared functionality was found.
Skill name: github-pr-automation
Analysis time: 29.9s
Engine: pi
Safe to install
Approve for use. The skill performs exactly as documented.
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | WRITE | WRITE | ✓ Consistent | scripts/create_pr.js:5 - execSync for gh commands; scripts/monitor_pr.js:5 - gh …
File system | READ | READ | ✓ Consistent | scripts/create_pr.js:21 - fs.readFileSync for templates
Network access | READ | READ | ✓ Consistent | All network operations use gh CLI (documented in SKILL.md)

Directory structure

6 files · 10.2 KB · 400 lines
JavaScript: 2 files, 216 lines · Markdown: 3 files, 141 lines · JSON: 1 file, 43 lines
├─ 📁 references
│ ├─ 📁 pr_templates
│ │ ├─ 📝 bugfix.md Markdown 20L · 398 B
│ │ └─ 📝 feature.md Markdown 30L · 877 B
│ └─ 📋 automation_rules.json JSON 43L · 899 B
├─ 📁 scripts
│ ├─ 📜 create_pr.js JavaScript 135L · 3.2 KB
│ └─ 📜 monitor_pr.js JavaScript 81L · 2.6 KB
└─ 📝 SKILL.md Markdown 91L · 2.3 KB

Security highlights

✓ Uses official gh CLI for all GitHub operations - no direct API calls
✓ No credential harvesting or environment variable access
✓ Template reading is explicitly documented and expected behavior
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env access)
✓ No base64, eval, or obfuscated code patterns
✓ No network exfiltration or suspicious outbound connections
✓ No remote script execution (no curl|bash or wget|sh patterns)
✓ No dependency on third-party libraries beyond Node.js built-ins