Trusted — Risk Score 5/100
Last scan: 2 days ago
gh-cli
GitHub CLI for remote repository analysis, file fetching, codebase comparison, and discovering trending code/repos
Pure documentation-only skill containing no code, scripts, or dependencies. The flagged base64 -d usage is legitimate GitHub API response decoding, fully documented and expected behavior.
Skill Name: gh-cli
Duration: 31.5s
Engine: pi
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md documents gh api, jq, gh search, and gh repo commands for remote reposi… |
| Network | READ | READ | ✓ Aligned | gh CLI commands make outbound requests to github.com API only, as documented |
| Filesystem | NONE | NONE | | No filesystem access declared or inferred; gh api fetches remote content without… |
13 findings (1 Critical)

| Severity | Type | Value | Location |
|---|---|---|---|
| Critical | Encoded Execution: Base64-encoded execution (code obfuscation) | base64 -d | references/comparison.md:43 |
| Medium | External URL | https://www.apache.org/licenses/ | LICENSE.txt:3 |
| Medium | External URL | https://slsa.dev/provenance/v1 | references/actions.md:437 |
| Medium | External URL | https://git-scm.com/docs/gitcredentials. | references/getting_started.md:17 |
| Medium | External URL | https://lwn.net/Articles/835962/ | references/other.md:495 |
| Medium | External URL | https://docs.brew.sh/Shell-Completion | references/other.md:584 |
| Medium | External URL | https://pkg.go.dev/regexp/syntax. | references/other.md:848 |
| Medium | External URL | https://choosealicense.com. | references/repositories.md:1452 |
| Medium | External URL | https://choosealicense.com/appendix | references/repositories.md:2030 |
| Medium | External URL | https://choosealicense.com/appendix. | references/repositories.md:2168 |
| Medium | External URL | https://my.ghes.com/owner/gh-extension | references/repositories.md:2382 |
| Medium | External URL | https://gh.io/setting-repository-visibility. | references/repositories.md:2408 |
| Info | Email address | [email protected] | references/repositories.md:164 |

File Tree

16 files · 203.8 KB · 8488 lines
Markdown 15f · 8326L Text 1f · 162L
├─ 📁 references
│ ├─ 📝 actions.md Markdown 506L · 13.1 KB
│ ├─ 📝 comparison.md Markdown 168L · 4.6 KB
│ ├─ 📝 discovery.md Markdown 315L · 7.3 KB
│ ├─ 📝 extensions.md Markdown 99L · 1.7 KB
│ ├─ 📝 getting_started.md Markdown 39L · 1.0 KB
│ ├─ 📝 index.md Markdown 39L · 528 B
│ ├─ 📝 issues.md Markdown 477L · 10.1 KB
│ ├─ 📝 other.md Markdown 1725L · 37.6 KB
│ ├─ 📝 pull_requests.md Markdown 823L · 14.4 KB
│ ├─ 📝 releases.md Markdown 254L · 5.3 KB
│ ├─ 📝 remote-analysis.md Markdown 92L · 2.0 KB
│ ├─ 📝 repositories.md Markdown 2763L · 71.4 KB
│ ├─ 📝 search.md Markdown 372L · 11.1 KB
│ └─ 📝 syntax.md Markdown 432L · 8.9 KB
├─ 📄 LICENSE.txt Text 162L · 8.9 KB
└─ 📝 SKILL.md Markdown 222L · 5.9 KB

Security Positives

✓ Pure documentation-only skill — no executable code or scripts present
✓ SKILL.md accurately describes all functionality with no undocumented behavior
✓ All base64 usage is standard GitHub API response decoding, fully explained in documentation
✓ No credential harvesting, data exfiltration, or obfuscation patterns detected
✓ No supply chain risks since there are no dependencies or package files
✓ All network activity is confined to github.com via the documented gh CLI tool