Security Decision Report

browser-automation

This browser automation skill contains a hardcoded billing API key and extensive anti-detection documentation, presenting moderate security concerns without confirmed malicious behavior.

Installation decision: priority · Source: manual upload · Scanned: 2026/4/3
Files: 14
IOCs: 8
Over-privilege items: 0
Findings: 4
Most direct threat evidence
High
Hardcoded billing API key exposed in source code

BILLING_API_KEY = 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded in payment.py:12 instead of using environment variables

payment.py:12

Why this conclusion was reached

2/4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are largely consistent.

Block
Hidden execution and outbound connections

Extracted 2 high-risk IOCs or outbound-connection signals.

Block
Attack chain and high-risk findings

The report contains a 0-step attack chain plus 1 high or critical finding.

Review
Dependency and supply-chain hygiene

Found 1 dependency or supply-chain lead requiring attention.

How the risk score was raised

Hardcoded API key exposure +20

BILLING_API_KEY exposed in payment.py:12 without environment variable usage

Anti-detection documentation +15

references/anti-detection-guide.md contains extensive bypass techniques

Undeclared network access +10

Billing HTTP requests to skillpay.me not declared in SKILL.md

Key evidence

High

Hardcoded billing API key exposed in source code

BILLING_API_KEY = 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded in payment.py:12 instead of using environment variables

payment.py:12
Use os.environ.get('SKILLPAY_API_KEY') instead of hardcoding the key
Medium

Extensive anti-detection documentation

references/anti-detection-guide.md provides detailed instructions for bypassing bot detection, including proxy rotation, fingerprint browsers, and captcha solving services

references/anti-detection-guide.md:1
While browser automation often requires anti-detection measures, document the legitimate use cases and consider removing references to high-risk services
Medium

Undeclared network API calls for billing

payment.py makes HTTP requests to skillpay.me for balance checks and charging, but this is not declared in SKILL.md

payment.py:29
Declare network access for billing purposes in SKILL.md
Low

Automation detection bypass flags

auto_login.py and data_scraper.py use '--disable-blink-features=AutomationControlled' to hide webdriver flags

scripts/auto_login.py:24
This is common practice for legitimate web automation but could be used for unauthorized scraping

Declared capabilities vs. actual capabilities

Filesystem · Pass
Declared: NONE
Inferred: WRITE
Scripts read/write data files (scraped_data.json, cookies) - legitimate for data scraping
Network access · Pass
Declared: READ
Inferred: READ+WRITE
payment.py makes POST requests to skillpay.me for billing - not declared in SKILL.md
Command execution · Pass
Declared: NONE
Inferred: NONE
No subprocess/shell execution found
Browser · Pass
Declared: WRITE
Inferred: WRITE
Browser automation using Playwright - properly documented

Suspicious artifacts and outbound connections

High · API key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

High · IP address
120.0.0.0

references/anti-detection-guide.md:49

Medium · External URL
https://search.jd.com/Search?keyword=iPhone

SKILL.md:100

Medium · External URL
https://skillpay.me

payment.py:11

Medium · External URL
https://target-site.com

references/anti-detection-guide.md:177

Medium · External URL
http://2captcha.com/in.php

references/automation-patterns.md:416

Medium · External URL
http://2captcha.com/res.php?key=

references/automation-patterns.md:427

Medium · External URL
https://hooks.slack.com/...

scripts/page_monitor.py:13

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
playwright | >=1.40.0 | pip | | Version pinned with minimum
requests | >=2.31.0 | pip | | Used for billing HTTP calls
beautifulsoup4 | >=4.12.0 | pip | |

File composition

14 files · 3051 lines
Markdown: 6 files · 1781 lines · Python: 6 files · 1230 lines · Text: 1 file · 21 lines · JSON: 1 file · 19 lines
Files requiring attention · 6
references/automation-patterns.md · Markdown · 476 lines
http://2captcha.com/in.php · http://2captcha.com/res.php?key=
scripts/page_monitor.py · Python · 228 lines
https://hooks.slack.com/...
scripts/auto_login.py · Python · 218 lines
Automation detection bypass flags
references/anti-detection-guide.md · Markdown · 297 lines
Extensive anti-detection documentation · 120.0.0.0 · https://target-site.com
SKILL.md · Markdown · 186 lines
https://search.jd.com/Search?keyword=iPhone
payment.py · Python · 142 lines
Hardcoded billing API key exposed in source code · Undeclared network API calls for billing · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
Other files · form_filler.py · web_scraper.py · anti-detection.md · browser-tools-reference.md · data_scraper.py · playwright-guide.md

Security highlights

Skill has clear, documented purpose (browser automation) aligned with implementation
No evidence of credential harvesting from target systems
No reverse shell, C2 communication, or data exfiltration detected
Web scraping capabilities appear consistent with declared purpose
Dependencies use reasonable versions (playwright>=1.40.0)