Skill Trust Decision
daily-memory-summary
skill 声称仅用于剪贴板/通知汇总,但代码隐藏了联系人信息提取功能(遍历通知提取邮箱、姓名、身份),文档未声明,存在隐私数据收集风险。
Most direct threat evidence
High Doc Mismatch
未声明的联系人信息提取功能 SKILL.md 声明仅用于剪贴板和通知汇总,但代码第42-54行实现了从通知中提取联系人信息(邮箱、姓名、身份关键词),提取结果写入知识库。这些功能对用户完全不可见。
scripts/summarize.sh:42-54 Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Pass
Hidden execution and egress
No obvious high-risk egress or execution signals were found.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 1 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
What drove the risk score up
阴影功能 +20
代码实现了联系人提取但 SKILL.md 完全未声明
权限声明宽泛 +15
SKILL.md 未声明任何 allowed-tools,实际需要 filesystem:READ+WRITE
敏感数据处理 +10
联系人提取涉及邮箱、姓名、身份等个人信息
声明-行为不一致 +5
文档描述与实际功能存在偏差
Most important evidence
High Doc Mismatch
未声明的联系人信息提取功能
SKILL.md 声明仅用于剪贴板和通知汇总,但代码第42-54行实现了从通知中提取联系人信息(邮箱、姓名、身份关键词),提取结果写入知识库。这些功能对用户完全不可见。
scripts/summarize.sh:42-54 在 SKILL.md 中明确声明联系人提取功能,说明提取哪些信息、来源、数据用途
Medium Sensitive Access
正则表达式提取企业邮箱和姓名
代码使用正则表达式提取 lenovo.com 企业邮箱、中英文姓名模式,可能收集员工个人身份信息。
scripts/summarize.sh:48 明确数据收集范围,确保符合隐私合规要求
Low Priv Escalation
权限声明缺失
SKILL.md 未声明 allowed-tools,但代码需要读取文件系统并写入文件,权限声明与实际需求不符。
SKILL.md:1 补充 allowed-tools 声明:filesystem:READ, filesystem:WRITE
Declared capability vs actual capability
Filesystem Block
Declared NONE
→ Inferred WRITE
scripts/summarize.sh:31 写入 $OUTPUT_FILE Suspicious artifacts and egress
No obvious IOC was extracted.
Dependencies and supply chain
There are no structured dependency warnings.
File composition
2 files · 120 lines
Shell 1 files · 84 linesMarkdown 1 files · 36 lines
Files of concern · 2
scripts/summarize.sh 未声明的联系人信息提取功能 · 正则表达式提取企业邮箱和姓名
SKILL.md 权限声明缺失
Security positives
功能逻辑相对简单,无网络请求或外部通信
无凭证收割、代码混淆或反向 shell 等高危指标
硬编码路径固定在用户目录范围内