Skill Trust Decision
face-analysis
This TCM face-analysis skill contains hardcoded database credentials, undeclared database connectivity, and hidden token management functionality not documented in SKILL.md.
Most direct threat evidence
High Credential Theft
Hardcoded Database Credentials in config.yaml The config.yaml file contains plaintext database credentials including username 'admin' and password 'Smyx2025@db' connecting to MySQL at 172.31.16.2:3306. These credentials are committed to the codebase.
skills/scripts/common/config.yaml:4 Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
2 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 4 severe findings.
Review
Dependencies and supply chain hygiene
3 dependency or supply-chain issues need attention.
What drove the risk score up
Hardcoded database credentials in config files +20
config.yaml contains mysql://admin:Smyx2025@[email protected]:3306 with plaintext password
Undeclared database access functionality +20
dao.py implements SQLAlchemy CRUD operations on sys_user table storing tokens - not mentioned in SKILL.md
Feishu app secret hardcoded in config +15
config.yaml line 15 contains feishu-app--secret: zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r
Token storage in database +10
User model stores token and open_token fields with no encryption
Most important evidence
High Credential Theft
Hardcoded Database Credentials in config.yaml
The config.yaml file contains plaintext database credentials including username 'admin' and password 'Smyx2025@db' connecting to MySQL at 172.31.16.2:3306. These credentials are committed to the codebase.
skills/scripts/common/config.yaml:4 Remove hardcoded credentials; use environment variables or a secrets manager.
High Credential Theft
Hardcoded Feishu App Secret
The Feishu (Lark) application secret 'zYJMyYcB4kIF5uPCwFACBdmvbr3JkK8r' is hardcoded in config.yaml. This secret can be used to authenticate with Feishu APIs.
skills/scripts/common/config.yaml:15 Remove hardcoded secret; use environment variables for authentication tokens.
High Doc Mismatch
Undeclared Database Connectivity and Token Management
The skill SKILL.md only documents video face analysis, but the actual code implements full CRUD operations on a 'sys_user' database table that stores user tokens and open_tokens. This functionality is completely hidden from documentation.
skills/scripts/common/dao.py:54 Update SKILL.md to document all database operations and token management features, or remove this undeclared functionality.
High Supply Chain
Database Passwords in Test/Dev Configs with Special Characters
config-test.yaml and config-dev.yaml contain database credentials 'remoteuser:qA{tov-89atz0>opvim&!)[email protected]:3306' which may indicate password complexity but credentials are still hardcoded.
skills/scripts/common/config-test.yaml:1 Move all credentials to environment variables or a secrets manager.
Medium Sensitive Access
Environment Variable Reading for User Identification
The code reads OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID from environment variables for user identification, which is legitimate but worth noting for audit purposes.
skills/scripts/common/config.py:195 Document what user identification data is collected and how it is used.
Declared capability vs actual capability
Filesystem Pass
Declared READ
→ Inferred READ
scripts/face_analysis.py - file upload via multipart/form-data Network Block
Declared READ
→ Inferred WRITE
skills/scripts/common/dao.py:45 - database WRITE to MySQL server Database Block
Declared NONE
→ Inferred WRITE
skills/scripts/common/dao.py:54-180 - Full CRUD operations on sys_user table Suspicious artifacts and egress
High API Key
API_KEY = "your-api-key-here" README.md:11
High IP Address
172.31.16.2 skills/scripts/common/config.yaml:4
Medium External URL
https://your-api-server.com/api/v1/face-analysis README.md:10
Medium External URL
http://livemonitortest.lifeemergence.com/smyx-open-api skills/scripts/common/config-dev.yaml:4
Medium External URL
https://healthtest.lifeemergence.com/jeecg-boot skills/scripts/common/config-dev.yaml:5
Medium External URL
http://192.168.1.234:8080/jeecg-boot skills/scripts/common/config-dev.yaml:6
Medium External URL
https://open.lifeemergence.com/smyx-open-api skills/scripts/common/config.yaml:5
Medium External URL
https://lifeemergence.com/jeecg-boot skills/scripts/common/config.yaml:6
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| requests | 2.32.5 | pip | No | Version pinned - good practice |
| sqlalchemy | 2.0.46 | pip | No | Version pinned - good practice |
| pymysql | 1.1.2 | pip | No | Version pinned - good practice |
| cryptography | 3.4.8 | pip | No | Version not latest but stable release |
File composition
21 files · 2036 lines
Python 12 files · 1590 linesMarkdown 3 files · 286 linesText 1 files · 127 linesYAML 5 files · 33 lines
Files of concern · 3
skills/scripts/common/dao.py Undeclared Database Connectivity and Token Management
skills/scripts/common/config.py Environment Variable Reading for User Identification
README.md API_KEY = "your-api-key-here" · https://your-api-server.com/api/v1/face-analysis
Other files · util.py · skill.py · face_analysis.py · SKILL.md · api_service.py · requirements.txt +3
Security positives
No shell execution (subprocess) detected - skill uses only Python libraries
No base64-encoded payloads or obfuscation techniques observed
No direct IP address network requests to suspicious endpoints
No attempts to access ~/.ssh, ~/.aws, or other sensitive home directory files
No curl|bash or wget|sh remote script execution patterns
Legitimate API-based face analysis functionality as documented