nio-scanlisted

Nio code/skill execution-risk scanner. Use when the user wants to scan a file, repo, directory, or skill for execution risks — e.g. "scan this code for risks", "is this file/plugin dangerous", "check this repo for malicious code", "run nio scan on <path>". Focused single-purpose skill; for other Nio operations use /nio.
core0-io/nio · ★ 19 · AI & Automation · score 85
Install: claude install-skill core0-io/nio
# Nio — Execution Risk Scan

Scan the target path for execution risks using all detection rules. This is the focused `scan` capability of the Nio framework.

> **Passive invocation.** If the user points at code/files/a repo/a skill and asks whether it is dangerous, or to scan/check it for execution risks, you MUST run this scan rather than eyeballing it. Do not hand-wave a verdict — apply the rules below. (If the user instead asks for their *external endpoint scores* / "Nio score" with no code target, that is the separate `nio-external-score` skill, not this one.)

## File Discovery

Use Glob to find all scannable files at the given path. Include: `*.js`, `*.ts`, `*.jsx`, `*.tsx`, `*.mjs`, `*.cjs`, `*.py`, `*.json`, `*.yaml`, `*.yml`, `*.toml`, `*.sol`, `*.sh`, `*.bash`, `*.md`

**Markdown scanning**: For `.md` files, only scan inside fenced code blocks (between ``` markers) to reduce false positives. Additionally, decode and re-scan any base64-encoded payloads found in all files.

Skip directories: `node_modules`, `dist`, `build`, `.git`, `coverage`, `__pycache__`, `.venv`, `venv`

Skip files: `*.min.js`, `*.min.css`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`

## Detection Rules

For each rule, use Grep to search the relevant file types. Record every match with file path, line number, and matched content. For detailed rule patterns, see [SCAN-RULES.md](SCAN-RULES.md).

| # | Rule ID | Severity | File Types | Description |
|---|---------|----------|------------|------
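
The File Discovery steps above (include list, skip lists, fenced-block-only Markdown, base64 decode and re-scan) can be sketched as a standalone pre-processor. This is an added example, not Nio's own code: the skill drives Glob and Grep directly, and the function names and the 24-character base64 threshold here are assumptions. It produces the text a rule engine would search; the rule patterns themselves live in SCAN-RULES.md and are not reproduced.

```python
import base64, binascii, os, re
from pathlib import Path

# Include and skip lists copied from the File Discovery section.
INCLUDE = {".js", ".ts", ".jsx", ".tsx", ".mjs", ".cjs", ".py", ".json",
           ".yaml", ".yml", ".toml", ".sol", ".sh", ".bash", ".md"}
SKIP_DIRS = {"node_modules", "dist", "build", ".git", "coverage",
             "__pycache__", ".venv", "venv"}
SKIP_FILES = {"package-lock.json", "yarn.lock", "pnpm-lock.yaml"}
SKIP_SUFFIXES = (".min.js", ".min.css")
FENCE = "`" * 3
# Assumption: a base64 payload is a run of 24+ base64 characters.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def discover(root):
    """Return scannable files under root, sorted, honouring the skip lists."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune walk
        for name in filenames:
            if name in SKIP_FILES or name.endswith(SKIP_SUFFIXES):
                continue
            if Path(name).suffix in INCLUDE:
                found.append(Path(dirpath) / name)
    return sorted(found)

def fenced_lines(lines):
    """Keep only the (line_no, text) pairs that sit inside a fenced block."""
    inside, kept = False, []
    for no, line in lines:
        if line.lstrip().startswith(FENCE):
            inside = not inside  # fence markers themselves are not scanned
        elif inside:
            kept.append((no, line))
    return kept

def scan_units(path):
    """Return the (line_no, text) pairs detection rules should be run over."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    lines = list(enumerate(text.splitlines(), 1))
    units = fenced_lines(lines) if Path(path).suffix == ".md" else list(lines)
    for no, line in lines:  # base64 is decoded from every line of every file
        for run in B64_RUN.findall(line):
            try:
                decoded = base64.b64decode(run, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not decodable text, so nothing to re-scan
            units.append((no, decoded))
    return units
```

Decoded payloads keep the line number of the encoded run, so a match in decoded text can still be reported against the file and line it came from.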