中文 EN

扫描报告

扫描新文件

高风险 — 风险评分 62/100
上次扫描:19 小时前 重新扫描
62 /100
monid
Agentic payment platform CLI for data scraping from social media, e-commerce, and search platforms
The skill instructs users to execute a remote script via curl|bash (a critical high-risk pattern) which could be replaced with a malicious version at any time, and it generates/store API keys locally without declaring credential handling behavior.
技能名称monid
分析耗时55.1s
引擎pi
不要安装此技能
Do not use this skill. Replace curl|bash installation with verified binary downloads from tagged releases (e.g., download from a specific version tag rather than 'main' branch). Require the skill to declare all allowed tools in a _meta.json before use.

攻击链 5 步

入口 User invokes the skill and is prompted to install via curl|bash
SKILL.md:26
提权 Malicious actor compromises GitHub repo 'FeiyouG/monid-client' or performs MitM to serve a trojaned install.sh from the mutable 'main' branch
SKILL.md:26
提权 install.sh executes with user privileges, installing arbitrary binaries to ~/.local/bin/monid and potentially adding persistence hooks
SKILL.md:26
提权 User runs 'monid auth login' and 'monid keys generate' — the monid binary (supplied by the malicious install) could harvest OAuth tokens, Ed25519 private keys, and store them for exfiltration
SKILL.md:47
影响 API keys, OAuth tokens, and scraped data are exfiltrated to the attacker-controlled backend (monid-cli infrastructure)
SKILL.md:47

安全发现 7 项

严重性 安全发现 位置
严重
Remote script execution via curl|bash from mutable branch 代码执行
The skill instructs users to run 'curl -fsSL https://raw.githubusercontent.com/FeiyouG/monid-client/main/install.sh | bash' in at least 7 locations (lines 26, 31, 61, 75, 83, 98, 126, 137, 160, 163, 184, 201). The 'main' branch of a GitHub repo is mutable — a repo compromise or man-in-the-middle attack can silently replace the script with arbitrary malicious code that executes with the user's full privileges.
curl -fsSL https://raw.githubusercontent.com/FeiyouG/monid-client/main/install.sh | bash
→ Replace with pinned binary downloads from a tagged release, or provide SHA256 checksums. Never pipe remote content directly into bash.
 SKILL.md:26
严重
No allowed-tools declaration in _meta.json 权限提升
The skill has no _meta.json file and does not declare any allowed tools through the capability model. The capability model (filesystem, network, shell, environment, skill_invoke, clipboard, browser, database × NONE/READ/WRITE/ADMIN) is entirely undeclared, making it impossible to audit what resources this skill actually accesses when invoked.
No _meta.json found
→ Add a _meta.json with explicit allowed-tools declarations. Map Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE, WebFetch→network:READ as appropriate.
 SKILL.md:1
高危
Undeclared credential generation and local key storage 凭证窃取
The skill instructs users to generate API keys via 'monid keys generate --label main' and stores encrypted Ed25519 key pairs locally at ~/.monid/keys/. While these are local keys, the behavior is not declared in any security documentation, and the key generation mechanism runs inside a third-party CLI whose code is never reviewed.
monid keys generate --label main
→ Declare credential generation as a capability. Consider using environment variables or secrets management instead of local file storage for API keys.
 SKILL.md:47
高危
Skill name 'monid' has no verifiable public presence 文档欺骗
The skill claims to be a 'agentic payment platform CLI' but the brand 'Monid' / 'monid' has no verifiable public footprint outside this skill. The GitHub repo FeiyouG/monid-client is a single-person repo with no stars and no clear commercial entity behind it. A legitimate commercial scraping service would have verifiable documentation, company registration, and stable distribution channels.
name: monid
→ Verify the vendor identity independently. Request documentation of the corporate entity, privacy policy, and data handling practices before using this skill.
 SKILL.md:1
高危
Installation from mutable 'main' branch with no integrity check 供应链
The install.sh script is fetched from the 'main' branch with no GPG signature, no pinned commit hash, and no SHA256 verification. Even if the repo is legitimate today, it can be updated with malicious code at any time. The install script also runs with user-level privileges and could install persistence mechanisms.
curl -fsSL https://raw.githubusercontent.com/FeiyouG/monid-client/main/install.sh | bash
→ Download binaries from a specific tagged release (e.g., /releases/download/v1.0.0/monid-linux-x64). Provide SHA256 checksums in the documentation. Add version pinning.
 SKILL.md:26
中危
OAuth authentication stores credentials to ~/.monid/ 敏感访问
The OAuth login flow saves workspace information to ~/.monid/config.yaml. This file may contain OAuth tokens or session data. Accessing or storing credentials in the user's home directory is sensitive behavior that should be declared.
Workspace information is saved to ~/.monid/config.yaml
→ Declare that the skill accesses the ~/.monid/ directory. Use a permission-gated secrets store instead of plaintext config files in the home directory.
 SKILL.md:38
中危
Heavy bundling of documentation to reduce transparency 代码混淆
The references/capabilities.md file (1009 lines) is a reference table that could have been inline in SKILL.md. Separating it makes it harder to audit the full scope of the skill in one pass. This pattern can be used to hide additional instructions from quick reviewers.
References file with 1009 lines of additional capability data
→ Keep all skill documentation in a single SKILL.md file. Any additional reference data should be clearly linked and audited together.
 references/capabilities.md:1
资源类型声明权限推断权限状态证据
命令执行 NONE WRITE ✓ 一致 SKILL.md:26 — curl -fsSL https://... | bash
网络访问 NONE READ ✓ 一致 SKILL.md:26,31 — raw script download from github.com
文件系统 NONE WRITE ✓ 一致 SKILL.md:38 — stores config to ~/.monid/config.yaml; SKILL.md:47 — stores keys t…
技能调用 NONE NONE No _meta.json; invocation model not declared
1 严重 2 项发现
💀
严重 危险命令 危险 Shell 命令
curl -fsSL https://raw.githubusercontent.com/FeiyouG/monid-client/main/install.sh | bash
SKILL.md:26
🔗
中危 外部 URL 外部 URL
https://amazon.com/dp/B0123456
SKILL.md:471

目录结构

2 文件 · 36.1 KB · 1114 行
Markdown 2f · 1114L
├─ 📁 references
│ └─ 📝 capabilities.md Markdown 390L · 13.3 KB
└─ 📝 SKILL.md Markdown 724L · 22.8 KB

依赖分析 1 项

包名版本来源已知漏洞备注
FeiyouG/monid-client main (mutable) github raw script CRITICAL: Installs via curl|bash from mutable branch with no integrity verification. The binary is a closed-source third-party tool whose code cannot be audited.

安全亮点

✓ The skill describes what platforms it can scrape (X, Instagram, TikTok, LinkedIn, YouTube, Facebook, Amazon, Google) — scope is relatively clear
✓ The skill includes pricing estimates for each capability, showing cost transparency
✓ The skill includes a 'What Monid CANNOT Do' section with constraints
✓ No direct code execution, obfuscation, or exfiltration loops found in the documentation itself
✓ Uses OAuth for authentication rather than password-based login