Scan Report
15/100
skill_guard
Security scanner for AI Skills - scans code for risks before install or use
Legitimate security scanner tool that detects risk patterns in code, though with documentation-code mismatch for remote inspection feature.
Safe to install
This skill is a genuine security scanner for AI skills. Use as intended for auditing unknown code. No malicious behavior detected.
Security findings: 2
| Severity | Security finding | Location |
|---|---|---|
| Low | Undocumented/Unimplemented Feature (documentation deception) | skill_guard.py:1 |
| Low | Pattern Detection False Positives (documentation deception) | skill_guard.py:1 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | _find_files() uses os.walk() to read file tree |
| Network access | READ | NONE | ✓ Consistent | SKILL.md mentions inspect_remote() but function not implemented |
| Command execution | NONE | NONE | — | No shell execution found |
| Environment variables | NONE | NONE | — | Code does not read environment variables |
Directory structure
2 files · 9.1 KB · 245 lines
Python 1f · 174L
Markdown 1f · 71L
├─ skill_guard.py (Python)
└─ SKILL.md (Markdown)
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| Python standard library only | N/A | stdlib | No | Only uses os, re, json, dataclasses, typing, enum - all built-in modules |
Security highlights
✓ No actual malicious code execution detected - only pattern matching definitions
✓ No credential harvesting or data exfiltration
✓ No network-based C2 communication or data theft
✓ No reverse shell, backdoor, or persistence mechanisms
✓ Scanner reads files only for pattern matching, no destructive operations
✓ No obfuscation techniques (base64/rot13 in patterns are detection rules, not actual obfuscation)
✓ Dependencies are standard library only - no external supply chain risk