中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:2 days ago Rescan
20 /100
ai-orchestrator
DeepSeek AI via Puppeteer + CDP interceptor with persistent daemon, session persistence, diagnostics, and PM2 management
The skill is a legitimate DeepSeek AI browser automation tool using Puppeteer with proper documentation. High-risk IOCs flagged by pre-scan are false positives from pattern matching.
Skill Nameai-orchestrator
Duration59.6s
Enginepi
Safe to install
The skill can be used safely. Consider pinning puppeteer versions for improved supply-chain security.

Findings 4 items

Severity Finding Location
Low
Pre-scan IOC: Dangerous rm command flagged
Pattern matcher flagged 'rm -rf /' at line 133, but actual code shows 'rm -rf /dev/shm/.com.google.Chrome.*' - legitimate Chrome lock file cleanup in /dev/shm and /tmp only
execSync(`rm -rf /dev/shm/.com.google.Chrome.* 2>/dev/null || true`)
→ False positive - no action needed. Command is properly scoped to temporary Chrome lock files.
 ask-puppeteer.js:133
Low
Pre-scan IOC: Base64 encoding pattern
Buffer.from(body, 'base64') flagged as potential obfuscation. This is legitimate CDP network response body decoding - necessary for API response interception
body = Buffer.from(body, 'base64').toString('utf8')
→ False positive - base64 decoding is standard for CDP response handling, not code obfuscation
 ask-puppeteer.js:557
Info
Hardcoded user agent string
User agent masquerades as regular Chrome browser, which is standard practice for browser automation
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36'
→ Standard automation practice - no security concern for this use case
 ask-puppeteer.js:710
Info
Dependency versions not strictly pinned
puppeteer: ^24.40.0 allows minor/patch updates
"puppeteer": "^24.40.0"
→ Consider pinning to specific versions for improved supply-chain security
 package.json:14
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned Uses fs.writeFileSync for session files, cache, and diagnostics - all within ski…
Network READ READ ✓ Aligned Only connects to https://chat.deepseek.com/, uses CDP for API interception
Shell WRITE WRITE ✓ Aligned Limited execSync for Chrome process cleanup and lock file removal - scoped to br…
Browser WRITE WRITE ✓ Aligned Puppeteer browser automation - declared as core functionality
2 Critical 1 High 4 findings
💀
Critical Dangerous Command 危险 Shell 命令
rm -rf /
ask-puppeteer.js:133
🔒
Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(body, 'base64'
ask-puppeteer.js:557
📡
High IP Address 硬编码 IP 地址
131.0.0.0
ask-puppeteer.js:710
🔗
Medium External URL 外部 URL
https://chat.deepseek.com/
ask-puppeteer.js:215

File Tree

10 files · 167.1 KB · 4243 lines
JavaScript 5f · 2436L JSON 2f · 1221L Markdown 2f · 427L Shell 1f · 159L
├─ 🔧 ask-deepseek.sh Shell 159L · 5.8 KB
├─ 📜 ask-puppeteer.js JavaScript 1693L · 69.7 KB
├─ 📜 auth-check.js JavaScript 215L · 8.7 KB
├─ 📜 daemon-healthcheck.js JavaScript 292L · 10.6 KB
├─ 📜 deepseek-daemon.js JavaScript 80L · 2.8 KB
├─ 📜 diagnostics.js JavaScript 156L · 8.5 KB
├─ 📋 package-lock.json JSON 1199L · 42.2 KB
├─ 📋 package.json JSON 22L · 707 B
├─ 📝 REFERENCE.md Markdown 323L · 15.0 KB
└─ 📝 SKILL.md Markdown 104L · 3.0 KB

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
puppeteer ^24.40.0 npm No Version not strictly pinned, allows minor updates
puppeteer-core ^24.40.0 npm No Version not strictly pinned

Security Positives

✓ No credential harvesting - script does not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No data exfiltration - all data stays local, only connects to DeepSeek API
✓ Shell execution is limited to browser cleanup tasks, not arbitrary command execution
✓ Session data stored locally in skill directory only
✓ Proper error handling with try/catch throughout
✓ Rate limiting implemented to prevent abuse
✓ No eval(), no remote script execution (curl|bash pattern absent)
✓ No hidden functionality - code behavior matches SKILL.md documentation