Scan Report
5 /100
aippt-marketing
Calls the 小方同学 skill to generate professional, polished marketing plans with 10x efficiency, with one-click export to a professional PPT.
This is a legitimate marketing PPT generation skill for aippt.cn. It uses exec/shell for API calls and PDF synthesis, browser for login, and filesystem writes for temp files — all declared and necessary for the stated purpose. The flagged 'rm -rf /' at line 444 is a false positive: the actual command is `rm -rf /tmp/aippt-pdf-TASK_ID`, which safely removes only the task-specific temp directory.
Safe to install
No action needed. The skill is safe for use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:metadata:requires:exec:true |
| Browser | READ | READ | ✓ Aligned | SKILL.md:metadata:requires:browser:true |
| Network | READ | READ | ✓ Aligned | SKILL.md:all curl/WebFetch calls target declared aippt.cn base URL |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:mkdir -p /tmp/aippt-pdf-TASK_ID, node -e writes, python3 writes |
1 Critical 17 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Critical | Dangerous Command (dangerous shell command) | rm -rf / | SKILL.md:444 |
| Medium | External URL | https://www.aippt.cn/personal-center?is_from=marketing&utm_type=fanganskill&utm_source=fanganskill&utm_page=fangan.cn&ut... | README.md:49 |
| Medium | External URL | https://www.fangan.cn | README.md:74 |
| Medium | External URL | https://www.aippt.cn/personal-center?is_from=marketing | README.md:75 |
| Medium | External URL | https://www.aippt.cn/api/marketing | SKILL.md:20 |
| Medium | External URL | https://www.aippt.cn | SKILL.md:21 |
| Medium | External URL | https://www.aippt.cn/personal-center?utm_type=fanganskill&utm_source=fanganskill&utm_page=fangan.cn&utm_plan=fanganskill... | SKILL.md:65 |
| Medium | External URL | https://www.aippt.cn/marketing/home?utm_type=fanganskill&utm_source=fanganskill&utm_page=fangan.cn&utm_plan=fanganskill&... | SKILL.md:120 |
| Medium | External URL | https://www.aippt.cn/api/user/info | SKILL.md:128 |
| Medium | External URL | https://www.aippt.cn/api/marketing/create | SKILL.md:163 |
| Medium | External URL | https://www.aippt.cn/api/marketing/task/create | SKILL.md:182 |
| Medium | External URL | https://www.aippt.cn/api/marketing/task/result?thread_id=THREAD_ID&message_seq=MESSAGE_SEQ&include_start_message=false | SKILL.md:205 |
| Medium | External URL | https://www.aippt.cn/api/marketing/image/gen/job/result?job_ids=JOB_IDS&task_id=TEXT_TASK_ID | SKILL.md:336 |
| Medium | External URL | https://tmpfiles.org/api/v1/upload | SKILL.md:419 |
| Medium | External URL | http://tmpfiles.org/ID/filename.png | references/api-details.md:439 |
| Medium | External URL | http://tmpfiles.org/29295630/aippt-qrcode.png | references/api-details.md:441 |
| Medium | External URL | https://tmpfiles.org/dl/29295630/aippt-qrcode.png | references/api-details.md:442 |
File Tree
5 files · 32.4 KB · 1042 lines
Markdown 3f · 1013L
JSON 2f · 29L
├─ references
│  └─ api-details.md (Markdown)
├─ _meta.json (JSON)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| pdf-lib | not pinned in package.json | npm | No | Referenced in SKILL.md for PDF generation; version not specified in package.json |
| glob | not pinned in package.json | npm | No | Referenced in SKILL.md for file globbing; version not specified in package.json |
Security Positives
✓ All capabilities are explicitly declared in SKILL.md metadata (exec, browser)
✓ Shell commands (curl, node, python3) are used exclusively for legitimate API calls and PDF synthesis — all documented
✓ RSA encryption for passwords is standard practice; password never stored or logged
✓ No base64-encoded execution, no obfuscation, no direct IP network requests
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential exfiltration — token is used only for aippt.cn API calls
✓ External URLs all resolve to legitimate aippt.cn services or tmpfiles.org (public upload)
✓ Pre-scan critical IOC 'rm -rf /' is confirmed false positive — actual command is safe temp dir cleanup
✓ Dependencies (pdf-lib, glob) are standard npm packages with MIT license