Low risk: risk score 18/100
Last scan: 1 day ago
xgjk-skill
玄关 Skill full-lifecycle tool: discover Skills already on the platform, create new Skills per the XGJK protocol, and publish/update/take down Skills
A legitimate skill lifecycle management platform tool with minor security issues (SSL bypass, unpinned requests dependency) but no malicious behavior detected.
Skill name: xgjk-skill
Analysis time: 82.8s
Engine: pi
Verdict: OK to install
Pin the requests library to a specific version and consider re-enabling SSL certificate verification for production use. Add missing tool declarations to SKILL.md.

Security findings (3)

Severity: Medium
Finding: Unpinned 'requests' dependency in work-report scripts
Category: Supply chain
Both send_report_with_confirm.py and group_contacts.py import 'requests' without version constraints, so a pip install could fetch a compromised version.
Evidence: import requests
→ Add 'requests>=2.28.0,<3.0.0' to a requirements.txt file and document installation instructions
Location: scripts/work-report/send_report_with_confirm.py:34

Severity: Low
Finding: tools_provided only declares one tool, but the skill offers 10+
Category: Misleading documentation
The SKILL.md tools_provided section lists 'fetch_api_doc' as the sole tool, yet the skill offers skill-management (discover/publish) and work-report capabilities through scripts that are not declared in tools_provided. The workflow documentation covers these capabilities, but they are missing from the formal tool declarations.
Evidence: tools_provided: [{name: fetch_api_doc, category: exec, risk_level: low, permission: read}]
→ Add skill-management and work-report tool declarations to the tools_provided section, or clearly note that they are workflow-based capabilities rather than direct tools
Location: SKILL.md:5

Severity: Low
Finding: SSL certificate verification disabled in all HTTP clients
Category: Sensitive access
All 8 Python scripts disable SSL certificate verification (ssl.CERT_NONE, check_hostname=False). While this may be needed for internal API testing against self-signed certificates, it exposes the scripts to man-in-the-middle attacks when they are run on hostile networks.
Evidence: ctx.verify_mode = ssl.CERT_NONE; ctx.check_hostname = False
→ Make SSL verification configurable via an environment variable, defaulting to verification enabled for production environments
Location: scripts/fetch_api_doc.py:38
Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ consistent | SKILL.md:fetch_api_doc + all scripts use urllib/requests
File system | NONE | WRITE | ✓ consistent | SKILL.md workflows describe ZIP creation but only fetch_api_doc is in tools_prov…
Command execution | NONE | NONE | | No subprocess/shell invocation; Python scripts use stdlib urllib
Environment variables | NONE | READ | ✓ consistent | Scripts read XG_USER_TOKEN, BP_APP_KEY, COMPANY_APP_KEY; documented in auth.md
Skill invocation | NONE | EXEC | ✓ consistent | Skill creation/publishing workflow described in docs but not in tools_provided
External URL findings (15)

Severity | Finding | URL | Location
Medium | External URL | https://skills.mediportal.com.cn | SKILL.md:61
Medium | External URL | https://cwork-web.mediportal.com.cn/user/login/appkey?appCode=cms_gpt&appKey= | common/auth.md:21
Medium | External URL | http://json-schema.org/draft-07/schema# | docs/XGJK_SKILL_PROTOCOL.md:239
Medium | External URL | https://api.weather-demo.com/openapi/weather/current | docs/XGJK_SKILL_PROTOCOL.md:1044
Medium | External URL | https://sg-cwork-api.mediportal.com.cn/im/skill/delete | openapi/skill-management/delete-skill.md:1
Medium | External URL | https://sg-cwork-api.mediportal.com.cn/im/skill/nologin/list | openapi/skill-management/get-skills.md:1
Medium | External URL | https://sg-cwork-api.mediportal.com.cn/im/skill/register | openapi/skill-management/register-skill.md:1
Medium | External URL | https://sg-cwork-api.mediportal.com.cn/im/skill/update | openapi/skill-management/update-skill.md:1
Medium | External URL | https://sg-cwork-api.mediportal.com.cn/ai-business/qiNiu/getSimpleUploadCredentials | openapi/skill-management/upload-to-qiniu.md:1
Medium | External URL | https://up-z2.qiniup.com/ | openapi/skill-management/upload-to-qiniu.md:1
Medium | External URL | https://host/api-center/doc.html#/im/1.机器人管理/deleteMyRobotUsingPOST | scripts/fetch_api_doc.py:19
Medium | External URL | https://host/api-center/doc.html#/im/1.机器人管理/listVisibleUsingGET | scripts/fetch_api_doc.py:20
Medium | External URL | https://host/api-center/doc.html#/im/xxx/someAPI | scripts/fetch_api_doc.py:24
Medium | External URL | https://host/api-center/doc.html#/im/2.消息管理/msgListByIdsUsingPOST | scripts/fetch_api_doc.py:104
Medium | External URL | https://sg-al-cwork-web.mediportal.com.cn/open-api | scripts/work-report/group_contacts.py:21

Directory structure

35 files · 161.7 KB · 4507 lines
Markdown 24 files · 2636 lines; Python 10 files · 1866 lines; JSON 1 file · 5 lines
├─ 📁 common
│ ├─ 📝 auth.md Markdown 43L · 2.2 KB
│ └─ 📝 conventions.md Markdown 66L · 2.6 KB
├─ 📁 design
│ ├─ 📝 DESIGN.md Markdown 32L · 1.6 KB
│ ├─ 📝 DISCUSSION-LOG.md Markdown 39L · 2.0 KB
│ └─ 📝 LEARNING-LOOP.md Markdown 34L · 1.5 KB
├─ 📁 docs
│ ├─ 📝 SKILL_CREATION_WORKFLOW.md Markdown 232L · 9.2 KB
│ ├─ 📝 SKILL_VALIDATION_CHECKLIST.md Markdown 82L · 3.8 KB
│ └─ 📝 XGJK_SKILL_PROTOCOL.md Markdown 1219L · 43.5 KB
├─ 📁 examples
│ └─ 📁 skill-management
│   └─ 📝 README.md Markdown 36L · 1.4 KB
├─ 📁 openapi
│ ├─ 📁 common
│ │ └─ 📝 appkey.md Markdown 31L · 509 B
│ └─ 📁 skill-management
│   ├─ 📝 api-index.md Markdown 13L · 1.4 KB
│   ├─ 📝 delete-skill.md Markdown 41L · 767 B
│   ├─ 📝 get-skills.md Markdown 40L · 698 B
│   ├─ 📝 pack-skill.md Markdown 30L · 845 B
│   ├─ 📝 publish-skill.md Markdown 55L · 1.7 KB
│   ├─ 📝 register-skill.md Markdown 50L · 1.1 KB
│   ├─ 📝 update-skill.md Markdown 49L · 1.0 KB
│   └─ 📝 upload-to-qiniu.md Markdown 48L · 1.0 KB
├─ 📁 references
│ ├─ 📝 auth-rules.md Markdown 23L · 712 B
│ ├─ 📝 routing-table.md Markdown 39L · 1.5 KB
│ └─ 📝 workflow.md Markdown 50L · 1.7 KB
├─ 📁 scripts
│ ├─ 📁 skill-management
│ │ ├─ 🐍 delete_skill.py Python 69L · 1.7 KB
│ │ ├─ 🐍 get_skills.py Python 174L · 5.7 KB
│ │ ├─ 🐍 pack_skill.py Python 84L · 2.8 KB
│ │ ├─ 🐍 publish_skill.py Python 144L · 5.5 KB
│ │ ├─ 📝 README.md Markdown 55L · 2.3 KB
│ │ ├─ 🐍 register_skill.py Python 85L · 2.5 KB
│ │ ├─ 🐍 update_skill.py Python 90L · 2.7 KB
│ │ └─ 🐍 upload_to_qiniu.py Python 225L · 8.1 KB
│ ├─ 📁 work-report
│ │ ├─ 🐍 group_contacts.py Python 180L · 5.7 KB
│ │ ├─ 📝 README.md Markdown 44L · 1.5 KB
│ │ └─ 🐍 send_report_with_confirm.py Python 494L · 16.3 KB
│ └─ 🐍 fetch_api_doc.py Python 321L · 11.2 KB
├─ 📋 _meta.json JSON 5L · 136 B
└─ 📝 SKILL.md Markdown 285L · 14.9 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | | Version not pinned; used by work-report scripts

Security highlights

✓ No malicious behavior: no reverse shells, no C2, no data exfiltration to external servers
✓ Credential tokens stay internal: XG_USER_TOKEN and appKey are read from env vars and passed only to legitimate platform APIs (mediportal.com.cn, qiniu.com)
✓ Token exchange is properly scoped: auth.md documents the token flow through the official /user/login/appkey endpoint
✓ No credential harvesting: scripts do not enumerate os.environ for secrets or send credentials to third parties
✓ No obfuscation: all code is readable Python, no base64-encoded payloads or eval tricks
✓ Access control is documented: SKILL.md clearly separates nologin operations (discover/create) from auth-required operations (publish/delete)
✓ No hidden functionality: all file writes are documented (pack_skill.py creates ZIPs, fetch_api_doc.py writes parsed docs)
✓ Solid authentication rules: auth.md enforces token priority chain and prohibits asking users for credentials
✓ Work report safety: send_report_with_confirm.py requires explicit CONFIRM_SEND token and shows confirmation before sending
✓ No remote code execution: all execution is via Python stdlib urllib/requests, no shell commands or curl|bash patterns