Low risk: risk score 22/100
Last scanned: 1 day ago
docker-claude-code-setup
Guide for setting up Claude Code in Docker containers with ttyd web terminal, tmux session persistence, acpx multi-agent tool, and API configuration
A legitimate Docker Claude Code deployment guide with documented shell execution and standard infrastructure tooling, but lacking explicit capability declarations and containing a few broad permission examples.
Skill name: docker-claude-code-setup
Analysis time: 38.2s
Engine: pi
OK to install
Add explicit permission declarations in SKILL.md (shell:WRITE, filesystem:WRITE, network:READ). Remove the wildcard Bash(**) permission pattern from example configs in documentation. Consider pinning npm package versions to specific versions rather than latest.

Security findings: 4

Severity · Security finding · Location
Medium
Shell execution capabilities not declared in SKILL.md · Documentation deception
SKILL.md executes curl|bash, apt-get, npm, pkill, nohup, and other shell commands but does not declare shell:WRITE in its allowed-tools mapping. The capability model requires explicit declarations.
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
→ Add 'shell:WRITE' to the allowed-tools declaration at the top of SKILL.md and document each shell command category.
SKILL.md:21
Medium
curl|bash remote script execution pattern · Code execution
SKILL.md uses the risky curl|bash pattern to install Node.js from nodesource.com. While documented and standard practice, this pattern is a known high-risk indicator as it executes arbitrary remote code.
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
→ Consider pre-downloading the Node.js setup script, verifying its checksum, or using a package manager that handles this internally to reduce risk.
SKILL.md:21
Low
Wildcard Bash(**) permission pattern shown in example · Documentation deception
claude-code-installation.md:52 shows a settings.local.json example with 'Bash(**)' wildcard permission, which grants unrestricted shell execution. This is shown as a configuration example but could be copy-pasted by users.
"Bash(**)"
→ Replace with least-privilege examples or add prominent warnings about the security implications of wildcard permissions.
references/claude-code-installation.md:52
Low
Filesystem WRITE to user home directory not declared · Privilege escalation
install-acpx.sh writes to ~/.acpx/config.json and start-ttyd.sh writes to ~/.tmux.conf without filesystem:WRITE being declared.
cat > ~/.acpx/config.json << 'EOF'
→ Declare filesystem:WRITE in SKILL.md if home directory file writes are part of the skill's behavior.
scripts/install-acpx.sh:28
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✓ Consistent | SKILL.md:21, SKILL.md:25, SKILL.md:32 — curl|bash, apt-get, npm install, pkill, …
Filesystem | NONE | WRITE | ✓ Consistent | install-acpx.sh:28, start-ttyd.sh:15 — writes ~/.tmux.conf, ~/.acpx/config.json …
Network access | NONE | READ | ✓ Consistent | SKILL.md:21, SKILL.md:25, start-ttyd.sh:43 — fetches from deb.nodesource.com, np…
Environment variables | NONE | READ | ✓ Consistent | SKILL.md:68 — skill instructs users to export ANTHROPIC_API_KEY, exposing enviro…
1 critical · 10 findings
Critical · Dangerous command · Dangerous shell command
curl -fsSL https://deb.nodesource.com/setup_20.x | bash
SKILL.md:21
Medium · External URL · External URL
https://deb.nodesource.com/setup_20.x
SKILL.md:21
Medium · External URL · External URL
https://api.example.com/v1
SKILL.md:69
Medium · External URL · External URL
http://HOST:6080
SKILL.md:103
Medium · External URL · External URL
https://api.lkeap.cloud.tencent.com/coding/anthropic
references/api-configuration.md:10
Medium · External URL · External URL
https://api.deepseek.com
references/api-configuration.md:11
Medium · External URL · External URL
https://aip.baidubce.com/rpc/2.0/ai_custom/v1
references/api-configuration.md:12
Medium · External URL · External URL
https://dashscope.aliyuncs.com/compatible-mode/v1
references/api-configuration.md:13
Medium · External URL · External URL
https://api.example.com/anthropic
references/api-configuration.md:85
Medium · External URL · External URL
http://YOUR_IP:6080
references/ttyd-tmux-setup.md:99

Directory structure

7 files · 16.3 KB · 650 lines
Markdown 5f · 563L Shell 2f · 87L
├─ 📁 references
│ ├─ 📝 acpx-setup.md Markdown 86L · 1.3 KB
│ ├─ 📝 api-configuration.md Markdown 106L · 2.3 KB
│ ├─ 📝 claude-code-installation.md Markdown 101L · 1.7 KB
│ └─ 📝 ttyd-tmux-setup.md Markdown 101L · 1.9 KB
├─ 📁 scripts
│ ├─ 🔧 install-acpx.sh Shell 40L · 833 B
│ └─ 🔧 start-ttyd.sh Shell 47L · 1.0 KB
└─ 📝 SKILL.md Markdown 169L · 7.1 KB

Dependency analysis: 2 items

Package | Version | Source | Known vulnerabilities | Notes
@anthropic-ai/claude-code | latest | npm | | Version not pinned in SKILL.md
@anthropic-ai/acpx | latest | npm | | Version not pinned in SKILL.md

Security highlights

✓ All npm packages are from official @anthropic-ai and npmjs.com registries with no typosquatting detected
✓ No base64 encoding, obfuscation, or anti-analysis techniques found
✓ No credential harvesting, key exfiltration, or unauthorized data access observed
✓ Documentation explicitly includes security advice about not hardcoding API keys and using .env files
✓ API configuration examples reference legitimate providers (Anthropic, Tencent, DeepSeek, Baidu, Alibaba)
✓ No supply chain malicious dependency indicators found — no external scripts fetched at runtime