Security Decision Report

问专家技能

Skill documentation explicitly mentions bypassing robot detection and operating on authenticated browser sessions, suggesting potential for unauthorized automation and terms-of-service violations.

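Install decision first · Source: manual upload · Scan time: 2026/4/4
Files: 1
IOCs: 0
Privilege overreach items: 0
Findings: 4
Most direct threat evidence
High risk · Code execution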
Bypass robot detection declared as legitimate use case

The skill explicitly lists 'bypass robot detection scenarios' as an applicable use case. This suggests the tool is designed to circumvent anti-bot measures, which could violate terms of service of various platforms.

SKILL.md:58

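Why this conclusion was reached

1/4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources are broadly consistent with inferred capabilities.

Pass
Hidden execution and outbound connections

No obvious high-risk outbound-connection or execution signals at present.

Block
Attack chain and high-risk findings

The report contains a 0-step attack chain, plus 1 high-risk or critical finding.

Review
Dependency and supply-chain hygiene

Complete dependency information is not available, so the supply-chain judgment needs to remain flexible.

How the risk score was raised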

Bypass robot detection declared +25

SKILL.md explicitly lists 'bypass robot detection scenarios' as use cases

Authenticated session manipulation +15

Operates on user's already-logged-in browser without explicit user consent mechanism

No implementation code to audit +10

Only SKILL.md exists - actual execution logic cannot be verified

Automation tools (pyautogui) +5

Uses mouse automation which could enable screenshot harvesting or click fraud

Most critical evidence

High risk · Code execution

Bypass robot detection declared as legitimate use case

The skill explicitly lists 'bypass robot detection scenarios' as an applicable use case. This suggests the tool is designed to circumvent anti-bot measures, which could violate terms of service of various platforms.

SKILL.md:58
Remove bypass robot detection use cases. This functionality could facilitate unauthorized automated access to services.
Medium risk · Documentation deception

Skill name misleads about actual functionality

Skill is named '问专家技能' (Ask Expert Skill) but actually automates browser control through Playwriter. The actual behavior (browser automation) is not apparent from the name.

SKILL.md:1
Rename skill to accurately reflect browser automation functionality
Medium risk · Sensitive access

Authenticated session manipulation without explicit consent

The skill operates on a user's already-logged-in Chrome browser. This means it can potentially access any authenticated sessions (email, banking, social media) without explicit per-action user consent.

SKILL.md:1
Implement explicit user consent workflow before each authenticated action.
Low risk · Supply chain

No implementation files to audit

Only SKILL.md documentation exists. Actual execution code cannot be reviewed for hidden behavior.

SKILL.md:1
Request full implementation code before production deployment.

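Declared vs. actual capabilities

Command execution · Pass
Declared: WRITE
Inferred: WRITE
SKILL.md - uses bash, python3 subprocess
Browser · Pass
Declared: READ
Inferred: READ
SKILL.md - controls Chrome via Playwriter
File system · Pass
Declared: WRITE
Inferred: WRITE
SKILL.md - screenshot saving

Suspicious artifacts and outbound connections

No obvious IOCs were extracted.

Dependencies and supply chain

No structured dependency alerts.

File composition

1 file · 88 lines
Markdown: 1 file · 88 lines
Files requiring attention · 1
SKILL.md Markdown · 88 lines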
Skill name misleads about actual functionality · Bypass robot detection declared as legitimate use case · Authenticated session manipulation without explicit consent · No implementation files to audit

Security highlights

Uses documented Playwriter tool (open source browser automation framework)
No base64-encoded strings or obfuscated code observed
No credential harvesting or environment variable access detected
No network requests to external IPs documented