Scan Report
0 /100
super-marketing-pro
Full-stack B2B marketing execution skill equivalent to a 10-person agency team. Covers strategy, content creation, multi-platform repurposing, email sequences, SEO analysis, competitor monitoring, and data reporting.
A completely legitimate B2B marketing automation skill with no malicious code, obfuscation, credential theft, or undeclared behavior detected across all 21 files.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:16 — scripts write output files with --output arg; content_repurposer.p… |
| Network | READ | READ | ✓ Aligned | SKILL.md:13 — scripts call OpenAI API via openai package; only outbound traffic … |
| Shell | NONE | NONE | — | No subprocess, os.system, or exec calls in any script |
| Environment | READ | READ | ✓ Aligned | SKILL.md:13 + llm_utils.py:7 — only reads OPENAI_API_KEY, used for LLM authentic… |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation or nested skill spawning found |
| Clipboard | NONE | NONE | — | No clipboard access in any script |
| Browser | NONE | NONE | — | No browser automation or web scraping found |
| Database | NONE | NONE | — | No database connections in any script |
File Tree
21 files · 98.1 KB · 2559 lines Python 9f · 1717L
Markdown 12f · 842L
├─
▾
references
│ ├─
abm_framework.md
Markdown
│ ├─
content_templates.md
Markdown
│ ├─
douyin_algorithm.md
Markdown
│ ├─
funnel_strategy.md
Markdown
│ ├─
keyword_library.md
Markdown
│ ├─
linkedin_guide.md
Markdown
│ ├─
messaging_icp_guide.md
Markdown
│ ├─
xiaohongshu_tips.md
Markdown
│ └─
youtube_seo.md
Markdown
├─
▾
scripts
│ ├─
competitor_monitor.py
Python
│ ├─
content_calendar.py
Python
│ ├─
content_repurposer.py
Python
│ ├─
data_reporter.py
Python
│ ├─
email_sequence_generator.py
Python
│ ├─
hashtag_generator.py
Python
│ ├─
llm_utils.py
Python
│ ├─
seo_analyzer.py
Python
│ └─
strategy_builder.py
Python
├─
PROMO_TEMPLATES.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
openai | not pinned in requirements.txt | pip (SKILL.md declaration only) | No | No requirements.txt file found; SKILL.md declares pip install openai without version pinning — minor supply chain concern but no security impact since the package is the official OpenAI SDK |
Security Positives
✓ All 9 Python scripts are cleanly written marketing automation tools with no malicious code
✓ SKILL.md accurately declares all scripts, dependencies (openai), and environment variables (OPENAI_API_KEY)
✓ No subprocess, os.system, exec, eval, or shell command execution anywhere in the codebase
✓ No credential theft or harvesting — only reads the declared OPENAI_API_KEY for LLM authentication
✓ No data exfiltration — all network traffic is outbound to the declared OpenAI API endpoint via the official openai package
✓ No obfuscation, base64 payloads, or hidden HTML comments found
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, known_hosts, etc.)
✓ No remote script execution (curl|bash, wget|sh, or similar patterns)
✓ Filesystem access is limited to reading declared source files (--source) and writing declared output files (--output)
✓ No supply chain risks — dependencies are minimal (openai package only), no unpinned versions used for anything sensitive
✓ Dead code after return statement in llm_utils.py (line 55) is a minor style issue, not a security concern