High risk: risk score 62/100
Last scan: 19 hours ago
Email Analyzer
Analyzes, backs up, and deletes emails from [email protected] based on keyword filtering
The skill contains hardcoded credentials (email authorization code) in plaintext within source code and documentation, presenting significant credential exposure risk if the repository becomes public or is shared.
Skill name: Email Analyzer
Analysis time: 45.4s
Engine: pi
Do not install this skill
Remove hardcoded credentials from source code. Use environment variables or a secrets manager (e.g., .env file with .gitignore) to store the authorization code. The SKILL.md should reference environment variables rather than exposing the actual credential.

Attack chain (3 steps)

Privilege escalation: Attacker obtains the repository or accesses the skill files
SKILL.md:1
Privilege escalation: Attacker extracts the hardcoded authorization code from the CONFIG dictionary in email_analyzer.py
email_analyzer.py:17
Impact: Attacker gains unauthorized access to the [email protected] mailbox using the harvested credentials
N/A

Security findings (4)

Severity | Finding | Location
High
Hardcoded Email Authorization Code (credential theft)
The IMAP authorization code 'WUEw8qhBwjzpUAZW' for [email protected] is hardcoded in plaintext within email_analyzer.py CONFIG dictionary. If the repository is exposed or shared, this credential could be harvested.
"password": "WUEw8qhBwjzpUAZW"
→ Move credentials to environment variables: os.environ.get('EMAIL_AUTH_CODE')
email_analyzer.py:17
High
Credentials Exposed in Documentation (documentation deception)
SKILL.md explicitly documents the full authorization code in the hard-coded configuration (固化配置) table (lines 18-19), making it trivial to extract the credential from the documentation alone.
授权码 | WUEw8qhBwjzpUAZW
→ Replace actual credential with placeholder: '授权码 | $EMAIL_AUTH_CODE'
SKILL.md:18
Medium
Email Content Access Without User Consent Flow (sensitive access)
The view_email.py script fetches full RFC822 email content including body text. While documented, there's no user confirmation step before retrieving full email content.
# View Specific Email Content - View the full content of a specified email
→ Add user confirmation prompt before fetching full email body
view_email.py:1
Low
Dependency Not Version-Pinned (credential theft)
The imapclient library is used without explicit version pinning in requirements.txt (no requirements.txt found).
from imapclient import IMAPClient
→ Add requirements.txt with pinned versions: imapclient==2.3.1
email_analyzer.py:6
Permissions

Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ consistent | IMAPClient connects to imap.126.com for email access
File system | WRITE | WRITE | ✓ consistent | Writes JSON backup files and analysis reports
Command execution | WRITE | WRITE | ✓ consistent | Shell script wraps Python execution; all documented

Sensitive data: 1 finding

📧 Email address: [email protected]
SKILL.md:12

Directory structure

9 files · 33.0 KB · 1174 lines
Python: 7 files · 856 lines; Markdown: 1 file · 211 lines; Shell: 1 file · 107 lines
├─ 🐍 backup.py Python 61L · 1.7 KB
├─ 🐍 delete_selective.py Python 138L · 4.2 KB
├─ 🐍 delete.py Python 86L · 2.4 KB
├─ 🐍 email_analyzer.py Python 301L · 9.9 KB
├─ 🔧 email-analyzer.sh Shell 107L · 2.8 KB
├─ 📝 SKILL.md Markdown 211L · 4.9 KB
├─ 🐍 verify.py Python 60L · 1.6 KB
├─ 🐍 view_details.py Python 99L · 2.7 KB
└─ 🐍 view_email.py Python 111L · 2.8 KB

Dependency analysis (1 item)

Package | Version | Source | Known vulnerabilities | Notes
imapclient | unpinned | pip import | | No requirements.txt or version constraint found

Security highlights

✓ No reverse shell or C2 infrastructure detected
✓ No data exfiltration to external IPs beyond legitimate IMAP connection
✓ All shell operations are documented and necessary for the stated purpose
✓ Deletion operations require explicit --confirm flag and manual 'yes' input
✓ Backup functionality preserves data before deletion
✓ No obfuscation techniques (base64, eval) detected
✓ IMAP connection is to legitimate 126.com server only