Scan report
5/100
mindflow
Converts text, Markdown files, or Txt files into mind map images using markmap and puppeteer
The 'mindflow' skill is a legitimate text-to-mindmap converter that uses markmap and puppeteer. The JavaScript implementation is straightforward and matches its documented purpose.
OK to install
No action needed. The skill is safe to use.
Security findings: 2

| Severity | Finding | Location |
|---|---|---|
| Low | Dependencies not version-pinned (Supply chain) | SKILL.md:13 |
| Info | Puppeteer sandbox flags (Privilege escalation) | scripts/html-to-image.js:287 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | Line 302: fs.readFileSync(options.input, 'utf-8') |
| File system | WRITE | WRITE | ✓ Consistent | Line 331: screenshotOptions.path = outputPath |
| Network access | NONE | NONE | — | No outbound network calls; puppeteer internal browser networking only |
| Command execution | NONE | NONE | — | No subprocess/exec calls found |
Directory structure
2 files · 17.3 KB · 574 lines (JavaScript: 1 file · 456 lines; Markdown: 1 file · 118 lines)
├─ scripts
│  └─ html-to-image.js (JavaScript)
└─ SKILL.md (Markdown)
Dependency analysis: 4 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| puppeteer | * | npm | No | Version not pinned in documentation |
| markmap-cli | * | npm | No | Version not pinned in documentation |
| markmap-lib | * | npm | No | Version not pinned in documentation |
| markmap-render | * | npm | No | Version not pinned in documentation |
Security highlights
✓ Code is clean, well-structured, and readable
✓ No obfuscation, base64 encoding, or eval() usage
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or C2 communication
✓ No hidden functionality - implementation matches documentation
✓ Input validation present for file existence and type
✓ Error handling with try/finally blocks
✓ No reverse shell or RCE capabilities