中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:2 天前 重新扫描
10 /100
run-coach
Science-based running coach with HD visual training plans and Garmin sync
A legitimate running coach skill with well-documented capabilities. All external network access (Telegram Bot API, Garmin Connect) is declared. No hidden functionality, credential theft, or malicious patterns detected.
技能名称run-coach
分析耗时45.8s
引擎pi
可以安装
Pin the garminconnect library version in SKILL.md to avoid unexpected breakage. Consider explicitly declaring browser:READ for the Playwright-based screenshot pipeline.

安全发现 3 项

严重性 安全发现 位置
低危
Playwright dependency not declared
The screenshot pipeline in screenshot.mjs uses playwright-core (and chrome-headless-shell) but SKILL.md only lists 'node' as a required binary. This is a minor doc gap — the browser usage is indirectly declared via the exec-based image pipeline instructions.
import { chromium } from '/app/node_modules/playwright-core/index.mjs';
→ Add 'playwright-core' and 'chrome-headless-shell' to the SKILL.md anyBins list under step 4.
 training/screenshot.mjs:1
低危
garminconnect version not pinned
SKILL.md instructs 'pip install garminconnect' without a version constraint. An unversioned pip install could pull a breaking change in the future.
pip install garminconnect
→ Pin the version, e.g., 'pip install garminconnect==2024.12.0' or equivalent.
 SKILL.md:77
提示
Telegram bot credentials transmitted to external API
TELEGRAM_BOT_TOKEN is sent in the URL path to api.telegram.org. This is normal and expected for a Telegram bot skill — not credential exfiltration.
const API = `https://api.telegram.org/bot${botToken}`;
→ No action needed — this is the standard Telegram Bot API usage.
 training/send-album.mjs:18
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✓ 一致 SKILL.md: 'pip install garminconnect'; garmin-sync.py writes to garmin/activitie…
网络访问 READ READ ✓ 一致 SKILL.md declares Telegram bot and Garmin Connect usage; send-album.mjs:18 POSTs…
命令执行 WRITE WRITE ✓ 一致 SKILL.md instructs agent to use exec/bash for training/text-to-image.sh and node…
环境变量 READ READ ✓ 一致 SKILL.md declares GARMIN_EMAIL, GARMIN_PASSWORD, TELEGRAM_BOT_TOKEN, TELEGRAM_CH…
浏览器 NONE READ ✓ 一致 screenshot.mjs uses Playwright/chrome-headless-shell to screenshot HTML, used vi…
2 项发现
🔗
中危 外部 URL 外部 URL
https://api.telegram.org/bot$
training/send-album.mjs:18
📧
提示 邮箱 邮箱地址
[email protected]
garmin/garmin-sync.py:37

目录结构

8 文件 · 31.6 KB · 920 行
Python 2f · 473L Markdown 2f · 228L JavaScript 2f · 116L Shell 2f · 103L
├─ 📁 garmin
│ ├─ 🐍 garmin-query.py Python 217L · 7.2 KB
│ └─ 🐍 garmin-sync.py Python 256L · 8.4 KB
├─ 📁 training
│ ├─ 📜 screenshot.mjs JavaScript 51L · 1.7 KB
│ ├─ 📜 send-album.mjs JavaScript 65L · 2.5 KB
│ ├─ 🔧 send-plan.sh Shell 45L · 1.4 KB
│ └─ 🔧 text-to-image.sh Shell 58L · 2.5 KB
├─ 📝 MEMORY.md Markdown 44L · 1.4 KB
└─ 📝 SKILL.md Markdown 184L · 6.5 KB

依赖分析 2 项

包名版本来源已知漏洞备注
garminconnect * pip Version not pinned — minor maintenance risk
playwright-core * npm Assumed pre-installed in /app/node_modules/; not explicitly listed in SKILL.md

安全亮点

✓ All shell execution (bash, node -e) is explicitly declared in SKILL.md agent instructions
✓ Telegram Bot API is the only external network destination — no suspicious IPs or URLs
✓ Garmin Connect is a known, legitimate third-party API — not a hidden exfiltration channel
✓ Garmin credentials are used only for Garmin Connect authentication and immediately discarded
✓ No base64 encoding, obfuscation, eval(), or dynamic code generation patterns
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive host paths
✓ Playwright uses chrome-headless-shell (not full Chrome), avoiding unnecessary attack surface
✓ Token caching uses .garth file in workspace — not credential stores
✓ All file writes are scoped to the skill's own garmin/ and training/ directories