Security Decision Report

birthday

The birthday management skill contains undeclared network access (webhook, SMTP email) and undeclared shell execution (sendmail from the JS implementation), and handles sensitive personal data that these channels can transmit externally.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files: 7
IOCs: 0
Overreach items: 2
Findings: 4
Most direct threat evidence

Why this conclusion was reached

1 of 4 dimensions triggered

Blocked: Declared vs. actual capabilities

Found 2 capabilities or overreach behaviors beyond what is declared.

Passed: Hidden execution and outbound connections

No obvious high-risk outbound-connection or execution signals at present.

Passed: Attack chain and high-risk findings

No clear malicious path is formed.

Passed: Dependencies and supply-chain hygiene

A dependency structure exists, but no obvious high-risk alerts have been seen so far.

How the risk score was raised

Undeclared network access (Python) +15

SMTP email via smtplib and webhook via urllib.request not declared in SKILL.md

Undeclared shell execution (JS) +10

child_process.spawnSync for 'which sendmail' and 'sendmail' not declared in SKILL.md

Data exfiltration potential +10

Birthday records with names, birthdates, and masked ID cards can be sent to user-configured webhook URLs

Environment variable access +5

Script reads SMTP credentials from environment variables (BIRTHDAY_SMTP_*), but only for legitimate config purposes

Key evidence

Medium · Documentation deception

Undeclared email notification channel

SKILL.md only documents 'agent' notification channel but Python implementation includes full SMTP email support via smtplib.SMTP. Email channel requires BIRTHDAY_SMTP_HOST, BIRTHDAY_SMTP_PORT, BIRTHDAY_SMTP_USERNAME, BIRTHDAY_SMTP_PASSWORD environment variables.

scripts/birthday_manager.py:309
Add email channel documentation to SKILL.md if intentional, or remove smtplib code

Medium · Documentation deception

Undeclared webhook notification channel

Python implementation includes webhook support via urllib.request that POSTs notification data to user-configured URLs. This is not documented in SKILL.md.

scripts/birthday_manager.py:316
Add webhook channel documentation to SKILL.md if intentional, or remove urllib.request code

Medium · Documentation deception

Undeclared shell command execution (JS)

JavaScript implementation uses child_process.spawnSync to execute 'which sendmail' and sendmail binary for email notifications. This shell:WRITE capability is not declared in SKILL.md.

scripts/birthday_manager.js:290
Document shell execution if email via sendmail is intentional, or refactor to use Node.js net module

Low · Sensitive access

Environment variable access for credentials

Both scripts read SMTP credentials from environment variables (BIRTHDAY_SMTP_HOST, BIRTHDAY_SMTP_PASSWORD, etc.) via resolveConfigValue() function. This is legitimate for notification configuration but not documented.

scripts/birthday_manager.py:201
Document required environment variables in SKILL.md under notification configuration section

Declared capabilities vs. actual capabilities

File system · Passed
Declared: READ · Inferred: WRITE
Both scripts read/write birthdays.json for data persistence - documented

Network access · Blocked
Declared: NONE · Inferred: WRITE
Python: smtplib.SMTP, urllib.request (webhook); JS: none; SKILL.md only declares agent channel

Command execution · Blocked
Declared: NONE · Inferred: WRITE
JS: child_process.spawnSync for 'which sendmail' and sendmail binary execution - not declared

Environment variables · Passed
Declared: NONE · Inferred: READ
Scripts read SMTP config from env vars (BIRTHDAY_SMTP_*), but only for notification channel

Suspicious artifacts and outbound connections

No obvious IOCs were extracted.

Dependencies and supply chain

Package · Version · Source · Vulnerabilities / Notes
None (pure stdlib) · N/A · Python stdlib + Node.js stdlib · No npm dependencies in package.json, no pip requirements.txt; all code uses the standard library only

File composition

7 files · 1752 lines
JavaScript: 1 file · 760 lines
Python: 1 file · 695 lines
Markdown: 2 files · 254 lines
JSON: 2 files · 39 lines
YAML: 1 file · 4 lines

Files needing attention · 2
scripts/birthday_manager.py (Python · 695 lines)
Undeclared email notification channel · Undeclared webhook notification channel · Environment variable access for credentials
scripts/birthday_manager.js (JavaScript · 760 lines)
Undeclared shell command execution (JS)

Other files · SKILL.md · data-format.md · package.json · notification.json · openai.yaml

Security highlights

ID card numbers are properly masked (first 6 and last 4 digits only)
No access to sensitive system paths (~/.ssh, ~/.aws, .env)
Package has zero third-party dependencies (no supply chain risk)
No base64-encoded or obfuscated code detected
No reverse shell, C2, or credential harvesting patterns
Email/webhook channels require explicit user configuration via notification.json
Webhook URL is user-controlled, not hardcoded to external servers
Lunar calendar conversion table is embedded (no external dependencies)
Both scripts are well-structured with proper error handling