中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
recognize_intent
识别自然语言意图类别并解析语义指标与维度(零售BI问数系统)
This is a legitimate BI intent-recognition skill for a retail data query system. All functionality (Gemini LLM calls, Milvus vector search, MySQL metric config loading) is fully documented, necessary, and standard for its stated purpose.
技能名称recognize_intent
分析耗时34.8s
引擎pi
可以安装
No action required. The skill is safe to use.

安全发现 1 项

严重性 安全发现 位置
低危
Hardcoded IP address as default Gemini API backend 文档欺骗
recognize_intent.py:969 hardcodes 'http://47.77.199.56/api/v1beta' as the default GEMINI_API_URL. While the IP is unusual (no DNS hostname), it is used only as a fallback when GEMINI_API_URL is not set in the environment. SKILL.md mentions 'Gemini REST' but does not explicitly document the IP.
base_url = os.getenv("GEMINI_API_URL", "http://47.77.199.56/api/v1beta").rstrip("/")
→ Replace hardcoded IP with a named host (e.g., GEMINI_API_HOST) to improve maintainability and reduce suspicion.
 recognize_intent.py:969
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 SKILL.md declares READ from .workflow/, code reads rewrite_output.json
网络访问 READ READ ✓ 一致 SKILL.md declares external service injection (Milvus, MySQL, Gemini); all outbou…
命令执行 NONE NONE No shell execution found in any file
数据库 NONE READ ✓ 一致 MySQL reads for metric config are injected via Protocol interfaces; not hardcode…
1 高危 3 项发现
📡
高危 IP 地址 硬编码 IP 地址
47.77.199.56
recognize_intent.py:969
🔗
中危 外部 URL 外部 URL
http://47.77.199.56/api/v1beta
recognize_intent.py:969
🔗
中危 外部 URL 外部 URL
https://dashscope.aliyuncs.com/compatible-mode/v1
recognize_intent.py:1016

目录结构

3 文件 · 93.0 KB · 2119 行
Python 1f · 1930L JavaScript 1f · 135L Markdown 1f · 54L
├─ 📜 index.js JavaScript 135L · 5.3 KB
├─ 🐍 recognize_intent.py Python 1930L · 85.1 KB
└─ 📝 SKILL.md Markdown 54L · 2.7 KB

依赖分析 5 项

包名版本来源已知漏洞备注
httpx * pip HTTP client for Gemini REST calls; not malicious
pymilvus * pip Vector database client; only for metric search
pymysql * pip MySQL client for metric config; read-only queries
openai * pip DashScope embedding client; standard embedding API
python-dotenv * pip Optional .env loader; only for dev convenience

安全亮点

✓ No shell execution, subprocess, or eval patterns found
✓ No credential harvesting or environment variable iteration for sensitive keys
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No base64-encoded payloads or obfuscation techniques
✓ No hidden functionality — all external service calls are declared in SKILL.md
✓ External service injection uses proper Protocol interfaces (not hardcoded connections)
✓ JWT token (BI-*) is a hardcoded default fallback, not dynamically stolen
✓ Dependency packages (httpx, pymilvus, pymysql, openai) are standard and appropriate
✓ No cron jobs, startup hooks, or persistence mechanisms
✓ No prompt injection or jailbreak instructions
✓ Graceful degradation when optional services fail