中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
aegis-bridge
Orchestrate Claude Code sessions via Aegis HTTP/MCP bridge
A well-documented orchestration skill for managing local Claude Code sessions via a localhost HTTP API bridge. All capabilities are declared, all operations are local, and no malicious patterns detected.
技能名称aegis-bridge
分析耗时36.1s
引擎pi
可以安装
This skill is safe to use. No security concerns identified.
资源类型声明权限推断权限状态证据
网络访问 READ READ ✓ 一致 SKILL.md: All HTTP calls to http://127.0.0.1:9100
命令执行 WRITE WRITE ✓ 一致 scripts/health-check.sh, scripts/setup-mcp.sh
文件系统 READ+WRITE READ+WRITE ✓ 一致 setup-mcp.sh writes to ~/.claude/settings.json
环境变量 NONE NONE No environment access detected
技能调用 NONE NONE No cross-skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
8 项发现
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/health
SKILL.md:12
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/sessions
SKILL.md:27
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/sessions/$SID/send
SKILL.md:42
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/sessions/$SID/read
SKILL.md:52
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/sessions/$SID
SKILL.md:87
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100
references/api-quick-ref.md:3
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/sessions/$SID/approve
references/heartbeat-template.md:53
🔗
中危 外部 URL 外部 URL
http://127.0.0.1:9100/v1/sessions/$SID/pane
references/heartbeat-template.md:69

目录结构

6 文件 · 17.8 KB · 566 行
Markdown 4f · 487L Shell 2f · 79L
├─ 📁 references
│ ├─ 📝 agent-template.md Markdown 61L · 1.6 KB
│ ├─ 📝 api-quick-ref.md Markdown 115L · 3.8 KB
│ └─ 📝 heartbeat-template.md Markdown 103L · 3.0 KB
├─ 📁 scripts
│ ├─ 🔧 health-check.sh Shell 32L · 791 B
│ └─ 🔧 setup-mcp.sh Shell 47L · 1.3 KB
└─ 📝 SKILL.md Markdown 208L · 7.4 KB

安全亮点

✓ All network requests are localhost-only (127.0.0.1:9100) - no external connectivity
✓ All shell scripts have clear, documented purposes (health check, MCP setup)
✓ File writes are confined to user config files (~/.claude/settings.json) and are declared
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64 encoding, eval(), or obfuscated code
✓ No remote code execution patterns (curl|bash, wget|sh)
✓ No hidden functionality - all 21 MCP tools and HTTP endpoints are documented
✓ Includes stall detection and proper session cleanup guidance