Low risk: risk score 25/100
Last scan: 1 day ago
mp4-to-mp3-extractor
Batch-extracts the .mp4 video files in a given directory to .mp3 audio files
A legitimate MP4-to-MP3 converter with undocumented dynamic package installation and unpinned dependencies, but no malicious behavior detected.
Skill name: mp4-to-mp3-extractor
Analysis time: 58.1s
Engine: pi
Verdict: can be installed
Declare subprocess/shell:WRITE in SKILL.md permissions, pin all dependency versions, and document the ffmpeg auto-download and venv creation behaviors.

Security findings (5)

Medium: Undeclared subprocess usage (documentation deception)
SKILL.md declares only the python bin requirement, but the code uses subprocess for ffmpeg, pip, and venv management. The shell:WRITE permission is missing from the declarations.
Evidence: requires: bins: - python
Recommendation: Update SKILL.md to declare subprocess/shell:WRITE for ffmpeg execution, pip installs, and venv creation
Location: SKILL.md:1

Medium: Undocumented dynamic package installation (documentation deception)
ensure_package.py auto-installs tqdm, ffmpeg-downloader, and pydub without user consent, version pinning, or documentation. This modifies the execution environment silently.
Evidence: ensure_package.pip("tqdm", "tqdm")
Recommendation: Document the dynamic package installation behavior or pre-install dependencies via a requirements.txt
Location: scripts/extract.py:17

Medium: Unpinned dependencies with third-party mirror (supply chain)
All pip packages are installed without version constraints from the https://pypi.tuna.tsinghua.edu.cn/simple mirror. This enables dependency confusion attacks.
Evidence: -i, https://pypi.tuna.tsinghua.edu.cn/simple
Recommendation: Pin all dependency versions (e.g., tqdm==4.66.0) and prefer official PyPI
Location: scripts/ensure_package.py:50

Low: Undeclared ffmpeg binary download (documentation deception)
ensure_ffmpeg() downloads ffmpeg binaries (~100-200MB) from third-party sites (gyan.dev, johnvansickle, evermeet) via ffdl install with an interactive 'Y' input; this is not mentioned in the docs.
Evidence: subprocess.run(["ffdl", "install"], input="Y\n")
Recommendation: Document the automatic ffmpeg download or require users to pre-install it
Location: scripts/extract.py:40

Low: Undeclared virtual environment creation (documentation deception)
env_manager.py creates a venv at SKILL_ROOT/../../venv (outside the skill directory) without documentation. This modifies system state beyond the skill directory.
Evidence: VENV_DIR = _BASE_PATH.parent.parent.parent / "venv"
Recommendation: Document the venv location or make it configurable within the skill directory
Location: scripts/config.py:22
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ exceeds declaration | scripts/extract.py:41-50: subprocess.run for ffmpeg
Command execution | NONE | WRITE | ✗ exceeds declaration | scripts/ensure_package.py:49-52: pip install subprocess
Command execution | NONE | WRITE | ✗ exceeds declaration | scripts/env_manager.py:67: venv.create and pip upgrade
File system | READ | WRITE | ✗ exceeds declaration | scripts/env_manager.py:70: creates venv directory
File system | READ | WRITE | ✗ exceeds declaration | scripts/logger_manager.py:32: writes rotating log files
External URL findings (3)

Severity | Type | URL | Location
Medium | External URL | https://pypi.tuna.tsinghua.edu.cn/simple | scripts/ensure_package.py:50
Medium | External URL | https://download.pytorch.org/whl/cpu | scripts/env_manager.py:148
Medium | External URL | https://download.pytorch.org/whl/ | scripts/env_manager.py:161

Directory structure

8 files · 28.6 KB · 696 lines
Python: 5 files · 556 lines; Markdown: 2 files · 96 lines; Ignore: 1 file · 44 lines
├─ scripts
│ ├─ config.py Python 52L · 2.1 KB
│ ├─ ensure_package.py Python 73L · 2.8 KB
│ ├─ env_manager.py Python 235L · 10.4 KB
│ ├─ extract.py Python 141L · 6.2 KB
│ └─ logger_manager.py Python 55L · 2.6 KB
├─ .gitignore Ignore 44L · 735 B
├─ README.md Markdown 77L · 2.9 KB
└─ SKILL.md Markdown 19L · 808 B

Dependency analysis (4)

Package | Version | Source | Known vulnerabilities | Notes
tqdm | * | pip | | Version not pinned
ffmpeg-downloader | * | pip | | Version not pinned
pydub | * | pip | | Version not pinned
pytorch | * | pip (commented) | | Code present but commented out

Security highlights

✓ No credential harvesting - environment variable access is limited to internal recursion control (RUNNING_IN_VENV)
✓ No network exfiltration - all network requests are to legitimate package mirrors (PyPI, gyan.dev)
✓ No obfuscation - all code is plaintext Python with clear docstrings
✓ No reverse shell or C2 communication
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ subprocess usage is legitimate CLI tool invocation (ffmpeg, pip, venv) appropriate for the stated purpose
✓ Error handling present with try-except blocks