Trusted — Risk score 5/100
Last scanned: 2 days ago
gh-cli
GitHub CLI for remote repository analysis, file fetching, codebase comparison, and discovering trending code/repos
Pure documentation-only skill containing no code, scripts, or dependencies. The flagged base64 -d usage is legitimate GitHub API response decoding, fully documented and expected behavior.
Skill name: gh-cli
Analysis time: 31.5s
Engine: pi
Can be installed
No action needed. The skill is safe to use.
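| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md documents gh api, jq, gh search, and gh repo commands for remote reposi… |
| Network access | READ | READ | ✓ Consistent | gh CLI commands make outbound requests to github.com API only, as documented |
| File system | NONE | NONE | | No filesystem access declared or inferred; gh api fetches remote content without… |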
1 critical, 13 findings

| Severity | Category | Finding | Match | Location |
|---|---|---|---|---|
| Critical | Encoded execution | Base64-encoded execution (code obfuscation) | base64 -d | references/comparison.md:43 |
| Medium | External URL | External URL | https://www.apache.org/licenses/ | LICENSE.txt:3 |
| Medium | External URL | External URL | https://slsa.dev/provenance/v1 | references/actions.md:437 |
| Medium | External URL | External URL | https://git-scm.com/docs/gitcredentials. | references/getting_started.md:17 |
| Medium | External URL | External URL | https://lwn.net/Articles/835962/ | references/other.md:495 |
| Medium | External URL | External URL | https://docs.brew.sh/Shell-Completion | references/other.md:584 |
| Medium | External URL | External URL | https://pkg.go.dev/regexp/syntax. | references/other.md:848 |
| Medium | External URL | External URL | https://choosealicense.com. | references/repositories.md:1452 |
| Medium | External URL | External URL | https://choosealicense.com/appendix | references/repositories.md:2030 |
| Medium | External URL | External URL | https://choosealicense.com/appendix. | references/repositories.md:2168 |
| Medium | External URL | External URL | https://my.ghes.com/owner/gh-extension | references/repositories.md:2382 |
| Medium | External URL | External URL | https://gh.io/setting-repository-visibility. | references/repositories.md:2408 |
| Info | Email | Email address | [email protected] | references/repositories.md:164 |

Directory structure

16 files · 203.8 KB · 8488 lines
Markdown 15f · 8326L Text 1f · 162L
├─ 📁 references
│ ├─ 📝 actions.md Markdown 506L · 13.1 KB
│ ├─ 📝 comparison.md Markdown 168L · 4.6 KB
│ ├─ 📝 discovery.md Markdown 315L · 7.3 KB
│ ├─ 📝 extensions.md Markdown 99L · 1.7 KB
│ ├─ 📝 getting_started.md Markdown 39L · 1.0 KB
│ ├─ 📝 index.md Markdown 39L · 528 B
│ ├─ 📝 issues.md Markdown 477L · 10.1 KB
│ ├─ 📝 other.md Markdown 1725L · 37.6 KB
│ ├─ 📝 pull_requests.md Markdown 823L · 14.4 KB
│ ├─ 📝 releases.md Markdown 254L · 5.3 KB
│ ├─ 📝 remote-analysis.md Markdown 92L · 2.0 KB
│ ├─ 📝 repositories.md Markdown 2763L · 71.4 KB
│ ├─ 📝 search.md Markdown 372L · 11.1 KB
│ └─ 📝 syntax.md Markdown 432L · 8.9 KB
├─ 📄 LICENSE.txt Text 162L · 8.9 KB
└─ 📝 SKILL.md Markdown 222L · 5.9 KB

Security highlights

✓ Pure documentation-only skill — no executable code or scripts present
✓ SKILL.md accurately describes all functionality with no undocumented behavior
✓ All base64 usage is standard GitHub API response decoding, fully explained in documentation
✓ No credential harvesting, data exfiltration, or obfuscation patterns detected
✓ No supply chain risks since there are no dependencies or package files
✓ All network activity is confined to github.com via the documented gh CLI tool