Security Decision Report

stremio-cli

SKILL.md explicitly claims the main script is 'legacy and not used', but it is fully functional code that performs undeclared shell execution via subprocess.Popen.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files 3
IOC 2
Out-of-scope items 1
Findings 4
Most direct threat evidence
01
Skill presented as safe browser automation tool in SKILL.md · initial entry · SKILL.md
02
False statement claims script is 'not used' to hide true capabilities · deception · SKILL.md
03
Full-featured Python script with browser + shell execution is actually deployed · privilege escalation · scripts/stremio_cast.py

Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

1 capability or behavior found that goes beyond what is declared.

Review
Hidden execution and outbound connections

2 general-risk artifacts extracted; they need to be judged in context.

Block
Attack chain and high-risk findings

The report contains a 4-step attack chain, plus 2 high or critical findings.

Review
Dependencies and supply-chain hygiene

No complete dependency information is available, so the supply-chain judgment must stay provisional.

Attack chain

01
Skill presented as safe browser automation tool in SKILL.md

Initial entry · SKILL.md:1

02
False statement claims script is 'not used' to hide true capabilities

deception · SKILL.md:15

03
Full-featured Python script with browser + shell execution is actually deployed

Privilege escalation · scripts/stremio_cast.py:1

04
subprocess.Popen executes 'catt cast' shell command with captured stream URL

Code execution · scripts/stremio_cast.py:67

How the risk score was driven up

Doc deception - explicit false statement +25

SKILL.md line 15 states script is 'not used' when it's fully functional automation code

Undeclared shell execution +25

subprocess.Popen(['catt', ...]) at line 67 executes shell commands without any declaration

Suspicious hardcoded streaming server +10

Hardcoded URL contains local IP disguised as domain: 192-168-15-162.519b6502d940.stremio.rocks

Potential shell injection vector +5

stream_url captured from network intercept is passed to shell command without sanitization

Key evidence

High · Documentation deception

Explicit false statement about script status

SKILL.md line 15 states 'The script in scripts/stremio_cast.py is Portuguese/legacy and not used — we rely on the built-in browser tool instead.' This is demonstrably false. The script is fully functional Python code with complete automation logic including browser control, stream URL interception, and shell command execution.

SKILL.md:15
Remove this false statement. Either use the script and declare its capabilities, or remove it entirely.
High · Code execution

Undeclared shell command execution via subprocess

The script executes 'catt cast' command via subprocess.Popen without any declaration in SKILL.md. This constitutes shell:WRITE capability that was never disclosed to the user.

scripts/stremio_cast.py:67
Declare shell:WRITE capability if this execution is intentional and necessary.
Medium · Sensitive access

Suspicious hardcoded streaming server URL

The URL contains a local network IP address (192.168.15.162) disguised as a subdomain of stremio.rocks. This could indicate a man-in-the-middle setup or a custom streaming server.

scripts/stremio_cast.py:10
Verify this is a legitimate Stremio streaming server. If it's a custom server, this should be disclosed.
Low · Code execution

Potential injection via unsanitized stream URL

The stream_url variable is captured from network request interception and passed directly to a shell command. If the URL contains special characters, this could be exploited.

scripts/stremio_cast.py:67
Validate and sanitize stream_url before passing to shell command.

Declared capabilities vs. actual capabilities

File system · Pass
Declared NONE
Inferred NONE
No file operations in script
Network access · Pass
Declared NONE
Inferred READ
scripts/stremio_cast.py:10 - Makes HTTP requests to external Stremio service
Command execution · Block
Declared NONE
Inferred WRITE
scripts/stremio_cast.py:67 - subprocess.Popen(['catt', '-d', device, 'cast', stream_url])
Browser · Pass
Declared READ
Inferred READ
Playwright browser automation is declared and used

Suspicious artifacts and outbound connections

Medium · External URL
https://app.strem.io/shell-v4.4/?streamingServer=https%3A%2F%2F192-168-15-162.519b6502d940.stremio.rocks%3A12470#/

scripts/stremio_cast.py:10

Info · Email
[email protected]

SKILL.md:12

Dependencies and supply chain

No structured dependency alerts.

File composition

3 files · 135 lines
Python 1 file · 88 lines
Markdown 1 file · 42 lines
JSON 1 file · 5 lines
Files needing attention · 2
scripts/stremio_cast.py · Python · 88 lines
Undeclared shell command execution via subprocess · Suspicious hardcoded streaming server URL · Potential injection via unsanitized stream URL · https://app.strem.io/shell-v4.4/?streamingServer=https%3A%2F%2F192-168-15-162.519b6502d940.stremio.rocks%3A12470#/
SKILL.md · Markdown · 42 lines
Explicit false statement about script status · [email protected]
Other files · _meta.json

Security highlights

Browser automation via Playwright is properly declared in SKILL.md
No credential harvesting or exfiltration logic observed
Script appears to be legitimate Stremio automation functionality